biomni

Fail

Audited by Socket on Feb 16, 2026

1 alert found:

Malware HIGH
SKILL.md

[Skill Scanner] Installation of third-party script detected

All findings:
[CRITICAL] command_injection: Installation of third-party script detected (SC006) [AITech 9.1.4]
[HIGH] data_exfiltration: Credential file access detected (DE002) [AITech 8.2.3]
[HIGH] data_exfiltration: Credential file access detected (DE002) [AITech 8.2.3]

This SKILL.md describes a plausible, legitimate biomedical agent with powerful capabilities that match its stated purpose. However, it contains high-risk operational choices: it executes LLM-generated code with full system privileges and supports configurable MCP servers that can access external APIs and laboratory equipment. Those features are coherent with the skill’s stated goals but are disproportionate unless strict sandboxing, least-privilege execution, and endpoint auditing are enforced.

There are no direct signs of embedded malware (no hard-coded credentials, obfuscated payloads, or suspicious domains) in the provided text, but the architecture allows straightforward paths for data leakage or command-and-control-like misuse if misconfigured or if downstream components (LLM, MCP endpoints, or dataset download sources) are compromised.

Recommendation: treat as suspicious until runtime sandboxing, allowlists, and secure MCP configuration / verification mechanisms are present and enabled by default.

LLM verification: The Biomni fragment outlines a plausible autonomous biomedical AI agent framework, yet its current documentation contains several security and reliability gaps (typos in install commands, unpinned dependencies, credential exposure risks, and large local data handling without explicit safeguards). It should be treated with caution and hardened before deployment: fix installation instructions, adopt pinned version constraints and reproducible builds, implement secure credential management (secret

Confidence: 95%
Severity: 90%

Audit Metadata
Analyzed At: Feb 16, 2026, 07:13 PM
Package URL: pkg:socket/skills-sh/jimmc414%2Fkosmos%2Fbiomni%2F@7675ec462424ce29e1911e660ef4897dda092013