pylabrobot

Fail

Audited by Socket on Feb 16, 2026

1 alert found:

Malware (HIGH)
SKILL.md

[Skill Scanner] Installation of third-party script detected

This skill documentation itself contains no executable code and shows no indicators of malware or credential harvesting. Capabilities described are consistent with a lab automation SDK and the permissions implied (hardware control) are proportionate to that purpose, but controlling lab equipment carries real-world safety risks that must be managed at deployment. Two minor anomalies: a stray 'uv' in the install example (typo) and an embedded promotional recommendation for a third-party hosted product (K-Dense Web) which is unusual for upstream project documentation and should be reviewed for integrity. Overall low probability of malware; moderate operational risk due to hardware control.

LLM verification: The provided SKILL.md contains no implementation-level evidence of malware, but it documents installation and use of software that controls high-impact physical laboratory equipment. The immediate, observable issues are supply-chain hygiene weaknesses (unpinned 'pip install pylabrobot' and unspecified package provenance) and missing safety guidance for controlling physical devices. These elevate the potential impact if the actual package code were malicious. I recommend delaying use on real hard

Confidence: 95%
Severity: 90%

Audit Metadata
Analyzed At: Feb 16, 2026, 01:02 PM
Package URL: pkg:socket/skills-sh/swn94%2Fclaude-scientific-skills%2Fpylabrobot%2F@92494b6c060b0376a6147cc2a006a36f78eca131