ms-spectra-simulation

Warn

Audited by Gen Agent Trust Hub on Mar 30, 2026

Risk Level: MEDIUM (REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, EXTERNAL_DOWNLOADS)
Full Analysis
  • [REMOTE_CODE_EXECUTION]: The file assets/fiora/fiora/GNN/FioraModel.py contains a load class method that deserializes model data with dill.load(). dill, like the pickle module it extends, rebuilds objects by calling whatever callables the serialized stream names, so loading an attacker-supplied file runs arbitrary Python code inside the agent's process. The skill's standard prediction script uses a safer loading method, but the dill.load() path remains in the library and becomes exploitable as soon as an agent is directed to load an untrusted model file.
  • [COMMAND_EXECUTION]: Several scripts in the assets/fiora/scripts/ directory, such as predict-single-smiles.py, invoke other internal utilities through subprocess.run(). Furthermore, the main automation script ms_spectra_simulation.py interpolates the --output-stem argument directly into file paths (e.g., /tmp/chemclaw/{args.output_stem}.msp) without rejecting path separators or .. segments, so a stem that begins with ../ resolves to a location outside /tmp/chemclaw. A malicious actor who can influence the agent's arguments could therefore write or overwrite files outside the intended temporary directory.
  • [EXTERNAL_DOWNLOADS]: The script ms_spectra_simulation.py uses the Playwright library to drive a browser session against the fioRa web application at https://apps.bam.de/shn01/fioRa/, so the skill exchanges data with an external host rather than working purely offline. That host is operated by the Bundesanstalt für Materialforschung und -prüfung (BAM), a trusted German federal institute, and the interaction is consistent with the skill's primary scientific purpose; operators should still be aware that whatever the agent submits to the application leaves the local machine.
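The REMOTE_CODE_EXECUTION finding above, as an added example that is not part of this audit or of the fioRa code base: the standard-library pickle module is used in place of dill because dill is built on pickle and accepts any pickle stream, so a payload that fires under pickle.load() fires under dill.load() too. The class and function names, the checkpoint contents and the FIORA_AUDIT_DEMO environment variable are all constructed for the demonstration; the payload only sets that variable, where a real one would call os.system or similar. The restricted loader follows the find_class allowlist pattern from the Python pickle documentation.

```python
import io
import os
import pickle


class MaliciousCheckpoint:
    """Serializes like model data but instructs the unpickler to call exec().

    pickle (and dill, which extends it) rebuilds an object by calling whatever
    callable __reduce__ names. A real payload would call os.system; this one
    only sets an environment variable so the effect can be observed safely.
    """

    def __reduce__(self):
        return (exec, ("import os; os.environ['FIORA_AUDIT_DEMO'] = 'code ran'",))


def build_trojan_model_bytes() -> bytes:
    """Constructed attacker file: what an 'untrusted model file' could contain."""
    return pickle.dumps(MaliciousCheckpoint())


def build_benign_model_bytes() -> bytes:
    """Constructed stand-in for a plain-data checkpoint (builtin containers only)."""
    return pickle.dumps({"layers": 2, "weights": [0.1, -0.3, 0.7]})


def unsafe_load(data: bytes):
    """Equivalent of dill.load()/pickle.load(): runs whatever the stream names."""
    return pickle.loads(data)


class RestrictedUnpickler(pickle.Unpickler):
    """Resolve only allowlisted globals; refuse everything else.

    With an empty allowlist the stream may contain nothing but primitive
    containers (dict/list/tuple/str/int/float/bool/None), which need no global
    lookup at all. Entries such as ("collections", "OrderedDict") should be
    added only after reviewing what the target class does on construction.
    """

    ALLOWED = frozenset()  # (module, qualname) pairs

    def find_class(self, module, name):
        if (module, name) in self.ALLOWED:
            return super().find_class(module, name)
        raise pickle.UnpicklingError(f"refusing to resolve global {module}.{name}")


def safe_load(data: bytes):
    """Load model data without letting the file choose what code runs."""
    return RestrictedUnpickler(io.BytesIO(data)).load()


def demo():
    """Return (side effect of the trojan under unsafe_load,
    whether safe_load refused it, what safe_load returns for the benign file)."""
    os.environ.pop("FIORA_AUDIT_DEMO", None)
    trojan = build_trojan_model_bytes()
    unsafe_load(trojan)  # exec() fires here, inside the loading process
    side_effect = os.environ.get("FIORA_AUDIT_DEMO")
    try:
        safe_load(trojan)
        blocked = False
    except pickle.UnpicklingError:
        blocked = True
    benign = safe_load(build_benign_model_bytes())
    return side_effect, blocked, benign


if __name__ == "__main__":
    print(demo())
```

The point of the allowlist is that the file can no longer pick the callable: the trojan stream is refused before anything runs, while a checkpoint made only of builtin containers still loads. For a real model the allowlist has to name the tensor and module classes the checkpoint legitimately needs, which is exactly the review step that a bare dill.load() skips.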
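The --output-stem path construction from the COMMAND_EXECUTION finding above, as an added example that is not part of this audit or of the ms_spectra_simulation.py script: /tmp/chemclaw and the .msp suffix are taken from the finding; the function names, the regular expression and the sample stems are constructed for the demonstration. It places the vulnerable interpolation beside a hardened builder that applies a syntactic allowlist and then confirms the normalised path is still a direct child of the output directory.

```python
import posixpath
import re

# Output directory and file suffix named in the finding.
OUTPUT_DIR = "/tmp/chemclaw"
SUFFIX = ".msp"

# Allowlist for a bare file stem: alphanumerics, dot, dash, underscore; must not
# start with a dot (rejects "." and ".."), contains no separators, bounded length.
STEM_RE = re.compile(r"[A-Za-z0-9][A-Za-z0-9._-]{0,63}")


def vulnerable_output_path(stem: str) -> str:
    """The pattern the finding describes: the stem is interpolated verbatim."""
    return f"{OUTPUT_DIR}/{stem}{SUFFIX}"


def safe_output_path(stem: str) -> str:
    """Build the output path only if the stem cannot leave OUTPUT_DIR."""
    # Check 1: syntactic allowlist. Rejects '/', '\\', NUL, leading dots, '..'.
    if not STEM_RE.fullmatch(stem):
        raise ValueError(f"invalid output stem: {stem!r}")
    # Check 2 (defence in depth): after normalisation the file must still be a
    # direct child of OUTPUT_DIR. This catches anything a later relaxation of
    # the regex might let through, such as an embedded '/..'.
    candidate = posixpath.normpath(posixpath.join(OUTPUT_DIR, stem + SUFFIX))
    if posixpath.dirname(candidate) != OUTPUT_DIR:
        raise ValueError(f"output stem escapes {OUTPUT_DIR}: {stem!r}")
    return candidate


def compare(stems):
    """For each stem, return where the vulnerable path really lands (after
    normalisation) and what the hardened builder does with it."""
    results = {}
    for stem in stems:
        lands_at = posixpath.normpath(vulnerable_output_path(stem))
        try:
            verdict = safe_output_path(stem)
        except ValueError as exc:
            verdict = f"rejected: {exc}"
        results[stem] = (lands_at, verdict)
    return results


SAMPLE_STEMS = [               # constructed inputs
    "caffeine",                # legitimate stem
    "../../other/place",       # traversal: escapes /tmp/chemclaw entirely
    "sub/dir",                 # nested path, not a stem
    ".hidden",                 # leading dot
]


if __name__ == "__main__":
    for stem, (lands_at, verdict) in compare(SAMPLE_STEMS).items():
        print(f"{stem!r:24} vulnerable -> {lands_at:28} hardened -> {verdict}")
```

posixpath is used instead of os.path so the behaviour is the same on every platform and no filesystem access is needed; in the real script the same containment check can be done with pathlib's resolve() and relative_to() once the directory exists.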
Audit Metadata
Risk Level: MEDIUM
Analyzed: Mar 30, 2026, 12:51 AM