Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
GO/KEGG Enrichment
v1.0.0
Performs GO (Gene Ontology) and KEGG pathway enrichment analysis on gene lists. Trigger when: - User provides a list of genes (symbols or IDs) and asks for e...
by AIpoch (@aipoch-ai)
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious
medium confidence
Purpose & Capability
Name/description match the included code: the repo provides a script to perform GO/KEGG enrichment and visualization. However, the SKILL.md repeatedly describes an R/Bioconductor pipeline (clusterProfiler, org.*.eg.db) while the included script (scripts/main.py) is a pure-Python pipeline using gseapy. Both Python and R dependencies appear in documentation/requirements files, which is inconsistent but could be bookkeeping/sloppiness rather than malicious.
Instruction Scope
Instructions are within the stated functional scope (read a gene list, run enrichment, write results/plots). They expect network access for Enrichr/KEGG queries. Inconsistencies: SKILL.md and the risk table contain contradictory statements about network/API usage (mentions KEGG REST API but also states 'No external API calls' in a truncated table). No instructions attempt to read unrelated system files, sensitive environment variables, or contact unknown endpoints.
Install Mechanism
There is no automatic install spec (instruction-only install), so nothing is downloaded or executed implicitly by the platform. The package includes requirements.txt and references/requirements.txt listing Python libraries (gseapy, pandas, etc.) and documentation that lists R/Bioconductor packages; installation is manual. This is low install-mechanism risk, though the user will need to install Python packages (and possibly R packages if they follow the R instructions).
Credentials
The skill requests no environment variables or credentials. Network access to public enrichment services (Enrichr, KEGG) is expected for normal operation. There are no requests for unrelated secrets or system config paths.
Persistence & Privilege
The skill is not always-enabled and is user-invocable; it does not request elevated/persistent platform privileges. It does not attempt to modify other skills or system-wide settings.
What to consider before installing
This package appears to implement GO/KEGG enrichment, but there are inconsistencies you should resolve before running it: (1) Decide whether you intend to use an R/clusterProfiler pipeline or the provided Python script (scripts/main.py uses gseapy). The README/SKILL.md mixes both—follow the actual script or ask the author to clarify. (2) Expect network calls to Enrichr/KEGG when using online options; do not submit confidential gene lists if privacy is a concern. (3) Install Python dependencies from requirements.txt in a virtual environment; if you follow the R instructions they are separate and unnecessary for the Python script. (4) Verify KEGG usage terms for your use case (academic vs commercial). (5) Run the code in an isolated environment (virtualenv or container) and inspect outputs before trusting automated interpretation. If you need higher assurance, ask the publisher to clarify the R vs Python discrepancy and to provide an explicit install/run README matching the actual code.
Like a lobster shell, security has layers — review code before you run it.
Data-analysis · Enrichment analysis · GO/KEGG · latest
