biomni
Audited by Socket on Feb 16, 2026
1 alert found:
Malware [Skill Scanner]: Installation of third-party script detected

All findings:
[CRITICAL] command_injection: Installation of third-party script detected (SC006) [AITech 9.1.4]
[HIGH] data_exfiltration: Credential file access detected (DE002) [AITech 8.2.3]
[HIGH] data_exfiltration: Credential file access detected (DE002) [AITech 8.2.3]

The Biomni skill's stated purpose and capabilities are consistent with the documentation: it legitimately requires access to datasets, LLM providers, and code execution to perform complex biomedical tasks. However, the design choice to execute LLM-generated code with full system privileges, combined with automatic downloading of large data lakes and user-configurable MCP servers, creates substantial supply-chain and data-exfiltration risks if not strictly sandboxed and audited. There are no explicit signs of malware or obfuscated code in the provided fragment, but the framework's powerful capabilities and broad credential requirements make it SUSPICIOUS from a supply-chain/security standpoint unless deployed with strong isolation, network egress controls, endpoint vetting, and integrity checks for downloaded data.

LLM verification: The skill's documented capabilities are broadly consistent with its stated purpose (an autonomous biomedical agent), but there are notable supply-chain and privacy risks. Key concerns: unpinned/third-party installs and setup scripts (supply-chain risk), automatic large data downloads with no documented verification, broad collection/use of multiple LLM API keys, and the optional MCP 'laboratory equipment interfaces' (remote-control risk). The fragment contains no explicit malware or obfuscation,
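The audit above flags "automatic large data downloads with no documented verification" and asks for "integrity checks for downloaded data" before such a framework is trusted. The following is an added example of what that check looks like in practice; it is written for this page and is not Biomni's own code. The manifest format, the file names, and the sample contents are constructed assumptions: the point is that expected digests are pinned in the deployment (or signed), never fetched from the same location as the data, and that a mismatched, missing, or unexpected file blocks loading rather than just logging.

```python
"""Verify downloaded data-lake files against a pinned SHA-256 manifest.

Added example for this page, not Biomni's own code. The manifest, the
directory layout and the sample files below are constructed assumptions.
"""
import hashlib
import hmac
import os
import tempfile

# Constructed manifest: file name -> expected SHA-256 hex digest.
# In a real deployment this is pinned in the repository (or signed) and is
# never downloaded from the same untrusted location as the data itself.
PINNED_MANIFEST = {
    "genes.tsv": hashlib.sha256(b"gene\tscore\nTP53\t0.9\n").hexdigest(),
}


def sha256_file(path, chunk_size=1 << 20):
    """Stream-hash a file so multi-GB data-lake files never have to fit in RAM."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(chunk_size), b""):
            h.update(chunk)
    return h.hexdigest()


def verify_download(path, expected_hex):
    """True only if the file's digest equals the pinned digest."""
    return hmac.compare_digest(sha256_file(path), expected_hex)


def verify_data_lake(directory, manifest):
    """Check every manifest entry and report missing, mismatched and unexpected files.

    Unexpected files matter too: anyone who can write to the download
    location could plant code or data the manifest never vouched for.
    """
    report = {"ok": [], "missing": [], "mismatch": [], "unexpected": []}
    present = set(os.listdir(directory))
    for name, expected in manifest.items():
        path = os.path.join(directory, name)
        if name not in present:
            report["missing"].append(name)
        elif verify_download(path, expected):
            report["ok"].append(name)
        else:
            report["mismatch"].append(name)
    report["unexpected"] = sorted(present - set(manifest))
    return report


def is_trusted(report):
    """Fail closed: any missing, mismatched or unexpected file blocks loading."""
    return not (report["missing"] or report["mismatch"] or report["unexpected"])


def demo():
    """Constructed scenario: a clean download, then a tampered file plus a planted one."""
    d = tempfile.mkdtemp()
    with open(os.path.join(d, "genes.tsv"), "wb") as f:
        f.write(b"gene\tscore\nTP53\t0.9\n")
    good = verify_data_lake(d, PINNED_MANIFEST)

    with open(os.path.join(d, "genes.tsv"), "ab") as f:
        f.write(b"EVIL\t1.0\n")      # row appended after download: digest changes
    with open(os.path.join(d, "setup.py"), "wb") as f:
        f.write(b"import os\n")      # file not in the manifest: must be rejected
    bad = verify_data_lake(d, PINNED_MANIFEST)
    return good, bad


if __name__ == "__main__":
    good, bad = demo()
    print("clean download trusted:", is_trusted(good))
    print("tampered download trusted:", is_trusted(bad), bad)
```

The same gate belongs in front of any setup script the installer fetches: pin the script's digest alongside the data manifest and refuse to execute it on mismatch, which addresses the "unpinned/third-party installs and setup scripts" concern the audit lists separately.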