ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Neoantigen Predictor

v1.0.0

Generate NIH Biosketch documents compliant with the 2022 OMB-approved.

0· 40·0 current·0 all-time
byAIpoch@aipoch-ai
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Suspicious
medium confidence
!
Purpose & Capability
Registry metadata (name: 'Neoantigen Predictor', slug: 'neoantigen-predictor') conflicts with the SKILL.md and scripts which implement 'nih-biosketch-builder' (NIH biosketch generation). This mismatch suggests repackaging or mislabeling — a skill claiming one capability but containing unrelated code is incoherent and potentially misleading.
Instruction Scope
SKILL.md's runtime instructions are scoped to validating inputs, running scripts/main.py, and optionally importing PubMed data. The instructions explicitly mention network access to PubMed and writing DOCX output; they do not request unrelated system files or credentials. This scope is consistent with the biosketch purpose, but it does not match the registry name.
Install Mechanism
No install spec is provided (instruction-only packaging with an included script). Dependencies are standard Python packages (python-docx, requests) listed in requirements.txt — no external downloads, URL fetches for code, or archive extraction in the install metadata.
Credentials
The skill requires no environment variables, no credentials, and no special config paths. The included code uses requests to call NCBI PubMed APIs (expected for auto-importing publications) and writes DOCX files — these are proportionate to the declared biosketch functionality.
Persistence & Privilege
Skill is not always-on, has no elevated persistence flags, and does not declare changes to other skills or global agent configuration. Autonomous invocation is enabled by default but is not combined here with broad credentials or always:true.
What to consider before installing
Do not assume this package provides a neoantigen prediction tool — the name/slug and the shipped content disagree. Before installing or running: (1) confirm with the publisher which functionality you intended to get; (2) inspect scripts/main.py yourself (you can run python -m py_compile scripts/main.py to check syntax); (3) run the script in a sandboxed environment or container if you need to execute it; (4) expect the script to contact NCBI/Entrez (network access) and to read a JSON input and write a DOCX output; (5) if you expected a neoantigen predictor, reject this package and ask for the correctly labeled skill or a verified source. The mismatch in name/metadata and unknown source are the main reasons for caution.

Like a lobster shell, security has layers — review code before you run it.

latestvk97ckg2y3mmmb4h5a9s2g84cmd83xpm8

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments