Security audit

Scientific Thinking — Biology & Life Science

Security checks across malware telemetry and agentic risk

Overview

This is a documentation-only biology reasoning skill; the only notable issue is that README payment images may load from GitHub when viewed.

Install only if you want biology-related answers to be more structured and cautious. Be aware that viewing the README in a renderer that loads remote images may contact GitHub-hosted image URLs for donation QR codes; this does not affect runtime skill behavior.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (1)

Missing User Warnings

Severity: Low
Confidence: 90%
Finding
The README embeds remote images from raw.githubusercontent.com for payment QR codes. When a user views the document in a renderer that fetches remote assets, their client may automatically make network requests to a third-party server, disclosing metadata such as IP address, user agent, access time, and possibly repository/referrer context without explicit notice. In skill ecosystems that emphasize local/offline artifacts, this is a real but low-severity privacy issue rather than code execution.

VirusTotal

64/64 vendors flagged this skill as clean.

Static analysis

No suspicious patterns detected.