Back to skill

Security audit

Crispr Grna Designer

Security checks across malware telemetry and agentic risk

Overview

This skill does not look malicious, but it presents CRISPR guide design as real while the included implementation silently uses mock sequence data and simulated off-target checks.

Install only for demonstration, education, or code review unless you independently verify the implementation. Do not use its guide RNA, efficiency, or off-target outputs for experiments until it performs real gene/exon retrieval, real genome-wide off-target analysis, clear mock-mode labeling, tests/benchmarks, and pinned dependency resolution.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Findings (13)

Intent-Code Divergence

Medium
Confidence
95% confidence
Finding
The function advertises Ensembl-backed sequence retrieval but always returns hard-coded mock data, which can cause users to design gRNAs against the wrong locus while believing the output is biologically valid. In a genome-editing skill, silent substitution of fake reference data is safety-relevant because it can directly lead to incorrect experimental designs and misleading downstream decisions.

Intent-Code Divergence

Medium
Confidence
96% confidence
Finding
The code claims off-target prediction but only returns a hard-coded simulated hit for one sequence pattern, giving users false assurance that guides have been screened. For CRISPR design, inaccurate off-target analysis is a material safety issue because users may select guides with unrecognized genomic off-target activity.

Vague Triggers

Medium
Confidence
81% confidence
Finding
The trigger description is broad enough that the skill could activate for many genome-editing or analysis requests without clear limits. In a high-risk skill that can invoke scripts, call external APIs, and write files, overbroad activation increases the chance of unintended execution, misuse in unsafe contexts, or being selected when a safer/read-only skill would suffice.

Unpinned Dependencies

Low
Category
Supply Chain
Content
bio
biopython
dataclasses
numpy
Confidence
97% confidence
Finding
bio

Unpinned Dependencies

Low
Category
Supply Chain
Content
bio
biopython
dataclasses
numpy
pandas
Confidence
98% confidence
Finding
biopython

Unpinned Dependencies

Low
Category
Supply Chain
Content
bio
biopython
dataclasses
numpy
pandas
pysam
Confidence
93% confidence
Finding
dataclasses

Unpinned Dependencies

Low
Category
Supply Chain
Content
bio
biopython
dataclasses
numpy
pandas
pysam
requests
Confidence
98% confidence
Finding
numpy

Unpinned Dependencies

Low
Category
Supply Chain
Content
biopython
dataclasses
numpy
pandas
pysam
requests
Confidence
98% confidence
Finding
pandas

Unpinned Dependencies

Low
Category
Supply Chain
Content
dataclasses
numpy
pandas
pysam
requests
Confidence
97% confidence
Finding
pysam

Unpinned Dependencies

Low
Category
Supply Chain
Content
numpy
pandas
pysam
requests
Confidence
99% confidence
Finding
requests

Known Vulnerable Dependency: biopython — 1 advisory(ies): CVE-2025-68463 (Biopython is vulnerable to doctype XML external entity (XXE) injection through B)

Low
Category
Supply Chain
Confidence
82% confidence
Finding
biopython

Known Vulnerable Dependency: numpy — 10 advisory(ies): CVE-2014-1859 (Numpy arbitrary file write via symlink attack); CVE-2021-41495 (NumPy NULL Pointer Dereference); CVE-2021-33430 (NumPy Buffer Overflow (Disputed)) +7 more

Critical
Category
Supply Chain
Confidence
71% confidence
Finding
numpy

Known Vulnerable Dependency: requests — 10 advisory(ies): CVE-2014-1830 (Exposure of Sensitive Information to an Unauthorized Actor in Requests); CVE-2024-47081 (Requests vulnerable to .netrc credentials leak via malicious URLs); CVE-2024-35195 (Requests `Session` object does not verify requests after making first request wi) +7 more

High
Category
Supply Chain
Confidence
88% confidence
Finding
requests

VirusTotal

61/61 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.