Security checks across malware telemetry and agentic risk
This appears to be a legitimate molecular docking workflow, but crafted filenames or output paths could make it run unintended local commands.
Review before installing. Use only trusted molecule files and ligand names, avoid paths or names containing quotes, shell metacharacters, slashes, backticks, $(), or .., and run it in a dedicated conda or virtual environment. Prefer a patched version that sanitizes names and replaces shell=True command strings with argument-list subprocess calls.
except Exception as e:
print(f" WARNING Meeko failed for {Path(sdf_path).name}, fallback to Open Babel: {e}")
cmd = f'obabel "{sdf_path}" -O "{out_pdbqt}" --partialcharge gasteiger -h'
result = subprocess.run(cmd, shell=True, capture_output=True)
return result.returncode == 0out_pdbqt = out_dir / "protein_prepared.pdbqt"
cmd = f'obabel "{temp_pdb}" -O "{out_pdbqt}" -xr -h --partialcharge gasteiger'
result = subprocess.run(cmd, shell=True, capture_output=True, text=True)
if temp_pdb.exists():
os.remove(temp_pdb)def merge_complex_obabel(protein_pdb: str, ligand_pdb: str, out_complex: str) -> bool:
"""Merge protein and ligand PDBs into a complex using Open Babel."""
cmd = f'obabel "{protein_pdb}" "{ligand_pdb}" -O "{out_complex}" --sort'
result = subprocess.run(cmd, shell=True, capture_output=True)
return result.returncode == 064/64 vendors flagged this skill as clean.