Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Variant Annotation
v1.0.0
Query and annotate gene variants from ClinVar and dbSNP databases. Trigger when: - User provides a variant identifier (rsID, HGVS notation, genomic coordinat...
by AIpoch (@aipoch-ai)
MIT-0
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious
medium confidence
Purpose & Capability
Name/description and the code align on querying ClinVar and dbSNP via NCBI E-utilities and computing ACMG scores. However, SKILL.md promises population allele frequencies from gnomAD/ExAC/1000G and functional predictions (SIFT, PolyPhen, CADD). The provided code shows only NCBI E-utilities calls (ClinVar and dbSNP) and does not include integrations or downloads for gnomAD, ExAC, 1000 Genomes, or functional prediction APIs, so those claimed capabilities appear unimplemented or incomplete.
Instruction Scope
SKILL.md instructs local usage (importing the Python class or running the script) and mentions batch/VCF input. The runtime instructions and code only call NCBI endpoints; they do not instruct reading unrelated system files or external endpoints beyond NCBI. That scope is appropriate, but the doc's broad list of data sources and computed outputs is larger than what the code implements — the agent could therefore report values that are estimated or absent unless additional data-fetching is added.
Install Mechanism
This is instruction-only / script-based with no install spec and a minimal requirements.txt (dataclasses). No external installers, downloads, or unusual repository fetches are present — low install risk.
Credentials
No required environment variables or credentials are declared. The VariantAnnotator constructor accepts an optional NCBI API key (appropriate and optional for higher rate limits). No unrelated secrets or system config paths are requested.
Persistence & Privilege
The skill does not request 'always: true' and does not modify other skills or system-wide agent settings. It runs as a standalone script/class and does not demand persistent elevated privileges.
What to consider before installing
This skill appears to genuinely query ClinVar and dbSNP and compute ACMG-style scores, but the documentation advertises additional data sources (gnomAD, ExAC, 1000 Genomes) and functional predictors (SIFT, PolyPhen, CADD) that the code does not clearly fetch or compute. Before installing or relying on it:
- Do not treat outputs as clinical-grade without independent validation; this is not a substitute for professional genetic interpretation.
- Review scripts/main.py fully (the repo content appears truncated in places) to confirm which external APIs are actually called and how allele frequencies/predictions are derived.
- If you need gnomAD or CADD results, verify that those APIs or local database files are integrated — otherwise the tool may produce incomplete annotations.
- Keep sensitive genomic data private: batch/VCF uploads contain health information. Confirm the tool only sends queries to NCBI endpoints and that you are comfortable with that network traffic.
- If you plan to provide an NCBI API key, supply it via a secure mechanism (not hard-coded).
- Consider running the script on test cases from references/example-variants.md to confirm expected outputs and to detect any missing evidence sources or mismatches between documentation and behavior.

Like a lobster shell, security has layers — review code before you run it.
