nmr-prediction

Warn

Audited by Gen Agent Trust Hub on Mar 30, 2026

Risk Level: MEDIUM
REMOTE_CODE_EXECUTION, EXTERNAL_DOWNLOADS, COMMAND_EXECUTION
Full Analysis
  • [REMOTE_CODE_EXECUTION]: The skill uses joblib.load() and torch.load() to process model weights and scaling parameters downloaded from Zenodo. These methods are based on Python's pickle module and can execute arbitrary code contained within the files. Affected files include assets/NMRNet/uninmr/utils/data_scaler.py and assets/Uni-Core/unicore/checkpoint_utils.py.
  • [REMOTE_CODE_EXECUTION]: The Uni-Core framework uses eval() and exec() to parse configuration strings, such as adam-betas and other list/dictionary arguments. This occurs in assets/Uni-Core/unicore/utils.py and assets/Uni-Core/unicore/optim/adam.py.
  • [EXTERNAL_DOWNLOADS]: Fetches approximately 1.1GB of model data from Zenodo (zenodo.org), which is a well-known scientific data repository.
  • [COMMAND_EXECUTION]: The installation script assets/Uni-Core/setup.py executes subprocess.check_output to query the system's CUDA environment.
Audit Metadata
Risk Level: MEDIUM
Analyzed: Mar 30, 2026, 12:52 AM