ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Western Blot Quantifier

v1.0.0

Automatically identify Western Blot gel bands, perform densitometric analysis, and calculate normalized values relative to loading controls.

0· 20·0 current·0 all-time
byAIpoch@aipoch-ai
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Suspicious
medium confidence
!
Purpose & Capability
The SKILL.md describes full-featured band detection, densitometry, normalization, CSV export, a WesternBlotQuantifier class and CLI flags (e.g. --input, --reference), and lists many image-processing dependencies. The shipped code is a small script defining a WBQuantifier class with only basic demo support and a different CLI (--image, --lanes, --demo). Several claimed capabilities (export, structured return object, background correction methods, scikit-image/OpenCV usage) are not implemented.
!
Instruction Scope
SKILL.md instructs users/agents to import and call WesternBlotQuantifier and to run CLI options that do not exist in the provided script. The docs and usage examples reference functions, return types, and parameters that the code doesn't provide. Instructions to run python -m py_compile scripts/main.py are reasonable, but following the SKILL.md workflow would fail or produce misleading results because of API mismatches.
Install Mechanism
No install spec is provided (instruction-only), but a requirements.txt is included listing several image-processing libraries. That is reasonable for the claimed purpose, but because no install step is declared, an agent may not install dependencies automatically. The requirements list is broader than what the included code actually needs.
Credentials
The skill requests no environment variables, credentials, or config paths. There is no evidence of requests for unrelated secrets or environment access.
Persistence & Privilege
The skill is not marked always:true and does not request elevated or persistent privileges. It does not modify other skills or system-wide configurations.
What to consider before installing
This package appears incomplete or inconsistently packaged rather than obviously malicious, but it will likely fail if run as-is. Before installing or running it: 1) Inspect scripts/main.py locally — run python -m py_compile scripts/main.py and run the demo (--demo) in an isolated virtualenv to observe behavior. 2) Do not run this on sensitive systems or with production data; use an isolated environment. 3) Note the API mismatches: SKILL.md expects a WesternBlotQuantifier class and richer outputs, but the code defines WBQuantifier and a minimal CLI. 4) If you need the claimed features, request an updated package from the author or fix the package: align exported names in scripts/__init__.py, implement the missing classes/methods, and/or reduce the documentation to reflect actual functionality. 5) If you cannot validate these fixes, treat the skill as untrusted or incomplete and avoid using it on important data. If you want, provide me with the output of running the demo or py_compile errors and I can help identify exactly what to change.

Like a lobster shell, security has layers — review code before you run it.

latestvk976pph2ckh28wtrh1p61wa69s842vne

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments