Lipinski Rule Filter

Security checks across malware telemetry and agentic risk

Overview

This looks like a local chemistry filtering tool with expected file reads and writes, not hidden or destructive behavior.

Install only if you are comfortable running a local Python/RDKit script on chosen compound files. Use a dedicated workspace, confirm input and output paths before running, avoid pointing output at important existing files, and prefer pinning/auditing the RDKit dependency version.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
Findings (5)

Intent-Code Divergence

Severity: Medium
Confidence: 91%
Finding: The audit-ready command passes free-form clinical text to a parameter documented as a file path, creating a dangerous interface contradiction. In agentic or automated environments, this can cause the skill to mis-handle untrusted text as a path or unsupported input, leading to unsafe execution attempts, confusing failures, or downstream misuse of the script outside its intended chemistry scope.

Vague Triggers

Severity: Medium
Confidence: 80%
Finding: The activation guidance is broad enough to invite use beyond the narrowly defined Lipinski filtering task, including generic 'data analysis' situations. In an agent setting, ambiguous routing increases the chance the skill is invoked on inappropriate or attacker-shaped inputs, which can trigger unintended file access, script execution, or incorrect outputs under a misleadingly authoritative workflow.

Missing User Warnings

Severity: Medium
Confidence: 84%
Finding: The skill documents output file generation but does not clearly warn that execution may create or overwrite files. In automated workflows, insufficient disclosure of write-side effects can lead to accidental data loss, clobbering of prior results, or unsafe assumptions about idempotence when users supply existing paths.

Vague Triggers

Severity: Medium
Confidence: 89%
Finding: The invocation text is broad enough to trigger this skill for generic data-analysis tasks rather than specifically for Lipinski Rule-of-Five filtering. In an agent setting, overly broad routing can cause unintended skill selection, scope drift, and processing of inputs outside the intended biochemical context, which is a real security and safety concern even though this file is an audit artifact rather than executable code.

Unpinned Dependencies

Severity: Low
Category: Supply Chain
Content: rdkit-pypi
Confidence: 97%
Finding: rdkit-pypi

VirusTotal

67/67 vendors flagged this skill as clean.
