Refua
Security checks across malware telemetry and agentic risk
Overview
This skill is a coherent drug-discovery computing helper that discloses its package installs, model downloads, and local MCP server use.
Install it only in a trusted Python environment, preferably isolated, and verify the refua and refua-mcp package sources before running the local server. Avoid using confidential molecular structures unless you trust the installed packages and understand where the MCP server stores logs, caches, and downloaded assets.
SkillSpector
By NVIDIA
Vulnerability Patterns
- Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
- Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
- Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
- Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
- Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
VirusTotal
39/39 vendors flagged this skill as clean.