Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
DNA
v1.0.0Biological code execution and genomic intelligence system. Translates raw A-T-C-G sequences into actionable health, longevity, and pharmacogenomic protocols....
⭐ 0· 332·1 current·1 all-time
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious
medium confidencePurpose & Capability
Name and description state this skill will ingest and interpret raw genomic data (FASTQ/VCF), perform decryption and clinical-grade analyses, and produce health/pharmacogenomic protocols. However, the skill declares no required credentials, no config paths, and no binaries. A tool that actually performs these tasks would normally require access to local files, decryption keys or key-management, and/or API keys for clinical databases; those requirements are missing, which is an incoherence.
Instruction Scope
SKILL.md gives high-level architecture (ingestion, local decryption, feature extraction, anonymized benchmarking) and use-case examples but contains no concrete runtime instructions (no file paths to read, no commands to run, no endpoints to contact, no key handling procedures). It implicitly instructs the agent to access very sensitive data (raw genomic files, clinical comparisons) but leaves implementation details vague, granting the agent broad discretion — a risky and unclear instruction surface for handling highly sensitive personal data.
Install Mechanism
There is no install spec and no code files, so nothing will be written to disk or executed by an installer. That reduces the supply-chain/install risk. However, being instruction-only means all runtime behavior depends on how the agent implements these prose instructions, which is where the real risk lies.
Credentials
The skill requests no environment variables or credentials, yet it asserts it will perform local decryption and access '2026 clinical grade databases' and anonymized benchmarking datasets. Performing those actions typically requires decryption keys, access tokens, or dataset endpoints. The absence of declared credentials or data-access requirements is disproportionate and unexplained.
Persistence & Privilege
The skill is not marked always:true and does not request persistent system-level changes. Autonomous invocation is allowed (platform default), but there is no indication the skill modifies other skills or system settings.
What to consider before installing
This skill promises to handle extremely sensitive genomic data but provides no concrete details about where files come from, how decryption keys are managed, or which external datasets/endpoints will be used. Before installing or using it: (1) do not upload raw genomic files or give access to your DNA data until the author provides concrete implementation details and code; (2) ask the author for exact data flows: which file paths or storage providers are used, how and where decryption keys are stored/used, and what external endpoints or databases will be contacted; (3) request the processing code or a security/privacy whitepaper that explains their 'zero-knowledge' enclave and how anonymous benchmarking is implemented and audited; (4) consider regulatory and medical risks — genomic interpretations can affect health decisions, so confirm the skill's claims about 'clinical-grade' databases and whether outputs are intended as medical advice; (5) if you must test, do so with synthetic or redacted data and in an environment you control. The current description is ambiguous and gives the agent wide latitude to access sensitive data without specifying safeguards.Like a lobster shell, security has layers — review code before you run it.
biovk973gxdnm9g6nbw651zhbyve8582hjbrdnavk973gxdnm9g6nbw651zhbyve8582hjbrgeneticsvk973gxdnm9g6nbw651zhbyve8582hjbrhealthvk973gxdnm9g6nbw651zhbyve8582hjbrlatestvk973gxdnm9g6nbw651zhbyve8582hjbrlongevityvk973gxdnm9g6nbw651zhbyve8582hjbr
License
MIT-0
Free to use, modify, and redistribute. No attribution required.