tooluniverse

[Skill Scanner] Installation of third-party script detected Overall, the fragment appears to be a benign, coherently scoped skill description for a scientific tool discovery/execution platform. There are no malicious instructions, credential leaks, or misrepresentations within the provided content. In a real deployment, ensure provenance of the package, secure handling of credentials (API keys, tokens), and proper access controls for tool execution endpoints. The lack of explicit credential requirements in this fragment is sensible, but real usage will necessitate secure management of external service credentials. LLM verification: This SKILL.md is documentation for a broad scientific-tool orchestration skill. The text itself contains no executable malicious code or obvious backdoors, so direct malware is unlikely in this fragment. However, the skill's scope (600+ tools), installation of third-party components (scanner flagged a pip install), and lack of explicit data-flow and credential-handling guarantees raise supply-chain and data-exfiltration risks. Before trusting or installing the full implementation, reviewers shou