OpenBio

Security checks across malware telemetry and agentic risk

Overview

OpenBio appears purpose-built for bioinformatics, but it sends potentially sensitive biological or clinical data to a hosted API and includes broad update and file-editing behaviors that need careful review.

Install only if you are comfortable sending biological queries, sequences, structures, molecule designs, job metadata, and API credentials to OpenBio's hosted service. Do not use it with PHI, patient-linked genomic data, confidential research, proprietary compounds, or export-controlled material unless your organization has approved the service. Prefer explicit output_path values for plasmid edits, review any update/reinstall command before running it, and avoid granting the skill to all agents unless that is intentional.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (70)

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The file upload examples encourage sending local biological structure files and associated job/query data to a third-party API but do not warn about privacy, consent, or data-governance constraints. In this skill context, users may handle unpublished research data, patient-adjacent data, or proprietary sequences, so omission of a data-handling warning can lead to accidental disclosure.

Missing User Warnings

Low
Confidence
88% confidence
Finding
The authentication section tells users to place an API key in request headers but does not include any warning about secret handling, storage, or exposure in shell history, logs, screenshots, or shared scripts. While not an exploit by itself, this omission increases the risk of credential leakage and downstream unauthorized API use.

Missing User Warnings

Medium
Confidence
88% confidence
Finding
The documentation instructs users to submit biomolecular inputs and authenticated job requests to a remote API, but it does not disclose privacy, retention, jurisdiction, or handling risks for potentially sensitive research or clinical sequence data. In a bioinformatics context, these inputs can include proprietary sequences, ligand designs, or patient-associated variant data, so omission of data-handling warnings creates a real confidentiality risk.

Missing User Warnings

Medium
Confidence
90% confidence
Finding
The documentation includes concrete curl examples that send potentially sensitive biological design inputs and an API credential to a remote third-party service, but it does not clearly warn users that their sequences, structures, ligands, and metadata leave the local environment. In a bioinformatics context, those inputs may be proprietary, unpublished, or regulated, so omission of an explicit data-transfer notice creates a real confidentiality and compliance risk.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The file includes concrete curl examples that submit molecular sequence/structure inputs to a remote OpenBio API, but it does not explicitly warn users that potentially sensitive biological data will leave the local environment. In a bioinformatics context, uploaded sequences, ligands, or clinical/variant-related inputs may be proprietary, unpublished, or regulated, so omission of a clear disclosure creates a real data-exposure risk.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The documentation repeatedly instructs users to send SMILES strings, compound identifiers, and search queries to a third-party API using an authenticated request, but it never warns that these inputs may contain proprietary or sensitive research data. In a cheminformatics context, molecular structures and project queries can be confidential intellectual property, so omission of a transmission/privacy warning creates a real data-exposure risk.

Missing User Warnings

Medium
Confidence
92% confidence
Finding
The skill handles clinical, variant, and drug-safety queries yet does not prominently warn that submitted prompts and parameters may contain sensitive patient or health-related information sent to an external API. In a clinical-data context, that omission increases the risk that users will transmit PHI/PII, genomic coordinates, or case details without informed consent or appropriate minimization.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The document instructs users to send genomics queries, gene identifiers, variants, disease traits, and dataset searches to an external API, but it does not warn that such inputs may contain sensitive research or potentially identifiable human genomic information. In a genomics context, external transmission is more sensitive than ordinary search traffic because variants, disease associations, and sample-linked queries can carry privacy, consent, or regulatory implications.

Missing User Warnings

Low
Confidence
88% confidence
Finding
The examples require an API key for a third-party service but provide no warning about protecting credentials or about the fact that requests are sent off-platform. While the snippet does not directly leak the key, omission of credential-handling guidance can lead users to expose secrets in logs, screenshots, shared notebooks, or shell history.

Missing User Warnings

Medium
Confidence
92% confidence
Finding
The documentation repeatedly instructs users to upload local protein structure files to a third-party API but does not explicitly warn that biological structure data, sequences, ligand context, and possibly proprietary design inputs are being transmitted off-system. In a bioinformatics/clinical research context, this can expose sensitive or unpublished data and create compliance, confidentiality, or IP risks even if the endpoint itself is legitimate.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The file repeatedly demonstrates sending user-supplied literature queries and identifiers to an external OpenBio API while authenticating with an API key, but it provides no user-facing disclosure that prompts and metadata will leave the local environment. This is a real security/privacy issue because users may paste unpublished research topics, proprietary targets, or sensitive clinical search terms into these tools without understanding that the content is transmitted to a third-party service.

Missing User Warnings

Medium
Confidence
92% confidence
Finding
The file includes numerous examples that send DNA sequences, primer sequences, and construct designs to a remote API but never warns users that their biological data will leave the local environment. In this domain, sequence data may be proprietary, unpublished, patient-related, or otherwise sensitive, so silent transmission creates a real confidentiality and compliance risk.

Missing User Warnings

Medium
Confidence
92% confidence
Finding
The document instructs users to send free-form protein design prompts and local structure file paths to a third-party API but does not disclose that this is an external transmission or warn about confidentiality implications. In a bioinformatics context, prompts, target descriptions, and structure references may contain proprietary research, unpublished designs, or sensitive biological information, so omission of a disclosure notice can lead to unintended data leakage.

Missing User Warnings

Medium
Confidence
85% confidence
Finding
The documentation presents `edit_plasmid` examples that default to in-place modification of GenBank files, while the destructive behavior is only called out much later in a 'Common Mistakes' section. In an agent/tooling context, examples strongly influence behavior, so this can cause accidental irreversible overwrites of user plasmid files and loss of scientific data.

Missing User Warnings

Low
Confidence
87% confidence
Finding
The file repeatedly provides example commands that send potentially sensitive biological sequences, identifiers, and queries to a third-party API using an API key, but it does not explicitly warn users that their inputs will leave the local environment. In a bioinformatics context this may expose unpublished sequences, proprietary targets, or regulated research data through normal usage rather than an overt exploit.

Missing User Warnings

Medium
Confidence
92% confidence
Finding
The file includes multiple API usage examples that instruct users to POST protein structure paths and design parameters to a remote OpenBio endpoint, but it does not clearly warn that biological data and job metadata are being transmitted off-platform. In a bioinformatics context, uploaded structures, sequences, or associated project data may be proprietary, unpublished, regulated, or sensitive, so omission of an explicit disclosure meaningfully increases the risk of unintended data exfiltration.

Missing User Warnings

Medium
Confidence
90% confidence
Finding
The documentation instructs users to submit raw protein sequences to a third-party remote API but provides no privacy, retention, confidentiality, or consent guidance. Biological sequences can be proprietary, unpublished, or sensitive in some research and commercial contexts, so omission of data-handling warnings creates a real risk of unintended disclosure.

Missing User Warnings

Low
Confidence
88% confidence
Finding
The examples instruct users to send a local protein structure path and API-authenticated request to a remote OpenBio endpoint, but the document does not explicitly warn that structure data and related metadata are being transmitted off-box. In a bioinformatics context, uploaded structures may be proprietary, unpublished, or tied to sensitive research workflows, so the omission can lead to inadvertent data disclosure rather than an exploit in the traditional sense.

External Transmission

Medium
Category
Data Exfiltration
Content
### Submit Prediction
```bash
curl -X POST "https://api.openbio.tech/api/v1/tools" \
  -H "X-API-Key: $OPENBIO_API_KEY" \
  -F "tool_name=submit_boltz_prediction" \
  -F 'params={
Confidence
85% confidence
Finding
https://api.openbio.tech/

External Transmission

Medium
Category
Data Exfiltration
Content
-H "X-API-Key: $OPENBIO_API_KEY"

# Get results with download URLs
curl -X GET "https://api.openbio.tech/api/v1/jobs/{job_id}" \
  -H "X-API-Key: $OPENBIO_API_KEY"
```
Confidence
79% confidence
Finding
https://api.openbio.tech/

External Transmission

Medium
Category
Data Exfiltration
Content
# Should return: "completed"

# Verify output files exist
curl -s "https://api.openbio.tech/api/v1/jobs/{job_id}" \
  -H "X-API-Key: $OPENBIO_API_KEY" | jq '.output_files_signed_urls | keys'
# Should list: structure files, confidence.json
```
Confidence
78% confidence
Finding
https://api.openbio.tech/

External Transmission

Medium
Category
Data Exfiltration
Content
### Basic Protein Binder Design
```bash
curl -X POST "https://api.openbio.tech/api/v1/tools" \
  -H "X-API-Key: $OPENBIO_API_KEY" \
  -F "tool_name=submit_boltzgen_prediction" \
  -F 'params={
Confidence
84% confidence
Finding
https://api.openbio.tech/

External Transmission

Medium
Category
Data Exfiltration
Content
### Peptide Design
```bash
curl -X POST "https://api.openbio.tech/api/v1/tools" \
  -H "X-API-Key: $OPENBIO_API_KEY" \
  -F "tool_name=submit_boltzgen_prediction" \
  -F 'params={
Confidence
84% confidence
Finding
https://api.openbio.tech/

External Transmission

Medium
Category
Data Exfiltration
Content
### Small Molecule Binder
```bash
curl -X POST "https://api.openbio.tech/api/v1/tools" \
  -H "X-API-Key: $OPENBIO_API_KEY" \
  -F "tool_name=submit_boltzgen_prediction" \
  -F 'params={
Confidence
85% confidence
Finding
https://api.openbio.tech/

External Transmission

Medium
Category
Data Exfiltration
Content
**calculate_molecular_properties** - Get drug-like properties
```bash
curl -X POST "https://api.openbio.tech/api/v1/tools" \
  -H "X-API-Key: $OPENBIO_API_KEY" \
  -F "tool_name=calculate_molecular_properties" \
  -F 'params={"smiles": "CC(=O)Oc1ccccc1C(=O)O"}'
Confidence
91% confidence
Finding
https://api.openbio.tech/

VirusTotal

64/64 vendors flagged this skill as clean.
