ClawHub

Toxicity Structure Alert

v1.0.0

Analyze data with `toxicity-structure-alert` using a reproducible workflow, explicit validation, and structured outputs for review-ready interpretation.

0· 33·0 current·0 all-time
byAIpoch@aipoch-ai
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
medium confidence
Purpose & Capability
Name/description ask for structural toxicity scanning and the package contains a Python script that compiles SMARTS patterns and (when available) uses RDKit to substructure-match SMILES. Declared dependency on RDKit and Python 3.8+ is appropriate and proportional to the stated purpose.
Instruction Scope
SKILL.md limits runtime actions to compiling and running scripts/main.py with SMILES input, asks for explicit confirmation of inputs, and recommends smoke checks. It does not instruct reading unrelated system files or sending data to external endpoints. The doc mentions editing an in-file CONFIG block — verify that any CONFIG only contains local settings and not credentials or remote endpoints before editing.
Install Mechanism
There is no install spec (instruction-only skill plus an included script). The requirements.txt names rdkit (and trivial helpers), which is expected for this functionality. No downloads or archive extraction from untrusted URLs are present.
Credentials
The skill declares no required environment variables, no primary credential, and no config paths. The reviewed portions of scripts/main.py do not reference environment variables or network endpoints. This matches the skill's local-analysis purpose.
Persistence & Privilege
always is false and the skill does not request elevated or persistent platform privileges. Autonomous invocation is allowed (platform default) but not a red flag here given the skill's confined scope and lack of credential access.
Assessment
This skill appears coherent for local structural-toxicity scanning. Before installing/running: 1) Review the full scripts/main.py file (especially any CONFIG block) to confirm there are no hidden network calls, credential reads, or unexpected file writes; the prompt showed only part of the file. 2) Install RDKit from an official source or your package manager (RDKit can be large and sometimes is not installable via a simple pip install). 3) Run the recommended smoke checks (python -m py_compile scripts/main.py and python scripts/main.py --help) and test with non-sensitive sample SMILES. 4) If you must run on private or regulated data, run the skill in an isolated environment (container or VM) and confirm outputs match expectations. If you want, I can scan the full main.py for networking, subprocess, or os.environ usage if you paste the remainder of the file.

Like a lobster shell, security has layers — review code before you run it.

latestvk97fe9pr3szvz4am54ynfay08d8406e6

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments