openmm-exchange-setup

Warn

Audited by Gen Agent Trust Hub on Feb 26, 2026

Risk Level: MEDIUM (EXTERNAL_DOWNLOADS, COMMAND_EXECUTION)
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill's installation metadata specifies the package @3rd-eye-labs/openmm. This package belongs to a scope that does not match the skill's author ('qbtlabs') and is not found on the trusted vendors list, qualifying it as an unverifiable external dependency.
  • [COMMAND_EXECUTION]: The troubleshooting section suggests that users run sudo ntpdate time.google.com to fix clock synchronization issues. Recommending commands that require sudo or elevated privileges is a potential security concern, even when the destination service (Google) is well-known. Additionally, the skill utilizes a Bash tool restricted to openmm commands for verifying exchange connections.
Audit Metadata
Risk Level: MEDIUM
Analyzed: Feb 26, 2026, 09:02 AM