molfeat

Warn

Audited by Gen Agent Trust Hub on Apr 9, 2026

Risk Level: MEDIUM
Findings: COMMAND_EXECUTION, EXTERNAL_DOWNLOADS
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill provides instructions in 'SKILL.md' and 'references/examples.md' to install the 'molfeat' package and its various optional dependencies (e.g., 'molfeat[all]', 'molfeat[dgl]', 'molfeat[transformer]') from public package registries using the 'uv pip' tool.
  • [COMMAND_EXECUTION]: In 'SKILL.md' and 'references/examples.md', the skill demonstrates using the 'pickle' module to cache and load expensive embeddings. Loading untrusted pickle files can result in arbitrary code execution on the host system.
  • [COMMAND_EXECUTION]: The skill uses methods such as 'MoleculeTransformer.from_state_yaml_file()' to load configuration from external YAML files. If the underlying library does not use a safe YAML loader, this can be exploited to execute arbitrary commands via a malicious configuration file.
  • [COMMAND_EXECUTION]: The skill encourages the use of parallel processing via 'n_jobs=-1', which involves the creation of multiple subprocesses to manage molecular featurization tasks across CPU cores.
Audit Metadata
Risk Level: MEDIUM
Analyzed: Apr 9, 2026, 10:12 PM