3D Molecule Ray-tracer

Security checks across malware telemetry and agentic risk

Overview

This skill coherently generates local PyMOL or ChimeraX rendering scripts and does not show hidden credential access, persistence, or exfiltration behavior.

Installers should treat this as a local script-generation skill: keep output paths inside the workspace, review generated .pml or .cxc files before running them in PyMOL or ChimeraX, and expect possible network access only when those tools fetch public PDB structures.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (1)

Vague Triggers

Medium

Confidence: 82% confidence
Finding: The 'When to Use' section includes broad language about generic data analysis, assumptions, fallback paths, and reproducible outputs beyond molecular rendering. This can cause the agent to invoke the skill for tasks outside its intended domain, increasing the chance of inappropriate script execution, file writes, or unsafe handling of unrelated inputs.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal