biomni

This skill is coherent with its stated purpose but contains high-risk capabilities that are unnecessary to grant by default without enforced protections. The primary hazards are arbitrary execution of LLM-generated code with full system privileges, configurable external MCP servers that can receive sensitive data, and automatic large data downloads without described integrity verification. I find no explicit hardcoded secrets or obfuscated/malicious code in the provided documentation, but the operational design requires strict sandboxing, integrity checks for downloads, and careful MCP endpoint vetting before use. Treat as potentially dangerous unless run in isolated, well-audited environments and after validating data sources and MCP server endpoints.