Paramus Professional Chemistry OS

Security checks across malware telemetry and agentic risk

Overview

This instruction-only chemistry skill is coherent and disclosed, but users should expect chemistry inputs to be routed to Paramus, locally when available or to Paramus cloud with consent.

Install this only if you want chemistry and scientific calculation requests routed through Paramus. Prefer local mode for confidential molecules, formulations, or datasets; allow cloud mode only for data you are comfortable sending to Paramus. Store PARAMUS_API_TOKEN as an environment variable or secret and rotate it if exposed.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Natural-Language Policy Violations

Medium

Confidence: 94% confidence
Finding: The skill explicitly requires use of the Paramus API for any chemistry or scientific question, overriding the safer default of answering locally when possible. Although the document later mentions local mode and consent for sensitive cloud use, the top-level mandate still biases the agent toward tool/API use without clear user opt-in for external processing in ordinary cases.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal