Crispr Grna Designer
Security checks across static analysis, malware telemetry, and agentic risk
Overview
The skill is not clearly malicious, but it presents real CRISPR design and validation capabilities while the visible code uses mock and simulated biological data.
Review this carefully before installing. It appears safe from credential or persistence abuse, but the CRISPR results should be treated as demonstration output, not validated experimental guidance, until the real data sources, off-target analysis, tests, and benchmarks are provided.
Static analysis
No static analysis findings were reported for this release.
VirusTotal
VirusTotal findings are pending for this skill version.
Risk analysis
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
A user could receive realistic-looking guide RNA recommendations and off-target counts that are not based on the requested real gene/genome data.
The core biological data retrieval and off-target prediction are mock/simulated in the visible code, while SKILL.md describes real Ensembl retrieval, Bowtie2/BWA off-target prediction, and CRISPR guide design.
fetch_gene_sequence(): "In production, this would query Ensembl. For demo, returns mock data." ... check_off_targets(): "For demo, returns simulated off-target data."
Treat this as a demo only. Do not use results for experimental CRISPR work unless real sequence retrieval, genome alignment, and validation are implemented and clearly disclosed.
Users may believe the tool is empirically validated and more reliable than the provided artifacts demonstrate.
The supplied artifacts do not include test or benchmark files, and the visible implementation uses mock/simulated data, so these validation claims are not supported by the provided package.
"Unit tests: 85% coverage for core algorithms" and "Benchmark: Tested against GUIDE-seq validated dataset (n=1,200 guides)"
Provide the actual tests, benchmark data/results, and clear validation limits, or remove/qualify these claims.
Installing unpinned packages can produce different behavior over time or pull in unexpected package versions.
The Python dependencies are listed without pinned versions or hashes. This is common for prototype scientific tools, but it leaves dependency resolution to the user's environment.
bio biopython dataclasses numpy pandas pysam requests
Install in a virtual environment and prefer pinned, reviewed dependency versions.
Running the tool executes local Python code and may write result files.
The skill is designed to run a local Python script. That is expected for a bioinformatics tool, and the examples are user-directed rather than hidden automatic execution.
python scripts/main.py --gene TP53 --exon 4 --output results.json
Run it only from a trusted checkout, in an isolated environment, and review output paths before execution.
