langchain-use

Fail

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: HIGH
Findings: COMMAND_EXECUTION, REMOTE_CODE_EXECUTION, CREDENTIALS_UNSAFE
Full Analysis
  • [COMMAND_EXECUTION] (HIGH): Use of eval() for tool logic.
  • Evidence: In references/tools/tool-basics.md, a calculator tool is defined using return str(eval(expression)). This is a classic Arbitrary Code Execution (ACE) vulnerability, as a model could be manipulated to execute malicious Python commands.
  • [REMOTE_CODE_EXECUTION] (MEDIUM): Execution of local scripts via MCP.
  • Evidence: In references/advanced/mcp.md, the documentation demonstrates configuring the MultiServerMCPClient to execute local Python files (e.g., /path/to/math_server.py) using the stdio transport mechanism.
  • [CREDENTIALS_UNSAFE] (LOW): Hardcoded default database credentials.
  • Evidence: Files SKILL.md and references/memory/short-term-memory.md contain connection strings with default credentials (postgres:postgres@localhost). While common in documentation, these represent unsafe credential patterns.
  • [EXTERNAL_DOWNLOADS] (SAFE): Installation of trusted packages.
  • Evidence: The skill recommends installing langchain, langchain-anthropic, and langgraph-checkpoint-postgres, which are from trusted organizations.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level: HIGH
Analyzed: Feb 17, 2026, 06:14 PM