claude-scientific-skills

SUSPICIOUS: overall footprint mostly matches a legitimate research-automation skill, and the main install path is coherent with official PyPI/GitHub project docs. Risk is elevated by unpinned dependencies, weaker package provenance, optional Docker use with mounted `.env` credentials, and unspecified external-content/literature-search handling; these are meaningful security concerns but not evidence of confirmed malware.

SUSPICIOUS: the skill's stated purpose matches biomedical research automation, and install instructions appear proportionate and official. However, its core design gives an AI agent autonomous code execution with full system privileges, optional broad external integrations, and outbound LLM/API data flows, making it a high-risk but not clearly malicious skill.