Skill v1.5.0
ClawScan security
Protein Phylogeny · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Suspicious · Apr 26, 2026, 4:33 PM
- Verdict: suspicious
- Confidence: medium
- Model: gpt-5-mini
- Summary: The skill's stated purpose and requested tools match a legitimate protein-phylogeny workflow, but there are inconsistencies in the provided files/instructions (missing helper scripts referenced by the automation, and an unreviewed install script) that could cause failures or hide risky behavior — inspect the install script and missing files before running.
- Guidance: This package mostly looks like a legit protein phylogeny workflow, but before installing or running it you should: (1) open and review scripts/install_dependencies.sh to confirm it installs packages from trusted sources (conda/bioconda, official GitHub releases) and does not download or execute arbitrary code from unknown servers; (2) verify that all helper scripts invoked by the shell scripts actually exist (the QC shell script references several Python helpers that are not visible in the manifest) — missing files could cause fallback behavior or indicate an incomplete package; (3) run the workflow in an isolated environment (container or VM) to limit impact if the install script is unsafe; (4) confirm any network activity (wget, API calls) is to expected bioinformatic services (UniProt, GitHub) and not to private/personal endpoints; and (5) if you need higher assurance, request the full contents of scripts/install_dependencies.sh and the referenced helper Python scripts (filter_by_evidence.py, filter_by_length.py, etc.) so they can be reviewed for unexpected behavior or data exfiltration.
Review Dimensions
- Purpose & Capability (ok): Name, description, high-level workflow and declared dependencies (CD-HIT, MAFFT, trimAl, IQ-TREE, Python, R) are coherent with a protein family phylogenetic analysis tool. The scripts and reference docs describe exactly the expected stages (QC, conservation, coevolution, phylogeny, visualization).
- Instruction Scope (concern): The SKILL.md and reference docs instruct the agent to run local scripts (bash scripts and a Python 'complete_analysis.py'), which is appropriate. However, several automation steps and scripts referenced in the docs (e.g., scripts/filter_by_evidence.py, scripts/filter_by_length.py, scripts/filter_complexity.py, scripts/validate_motifs.py, scripts/validate_final.py) are invoked by scripts/01_quality_control.sh and appear in documentation, yet those helper Python scripts are not present in the visible file manifest. This mismatch means the workflow may fail or hide where logic actually runs. The TESTING.md and other docs also include commands that fetch data from external endpoints (UniProt) — expected for this domain — but the instructions give the agent broad discretion to download and install tools without explicit safeguards.
- Install Mechanism (note): There is no formal install spec for the skill (it is effectively instruction+scripts), which reduces automated risk but requires the user/agent to run scripts/install_dependencies.sh manually. That script's contents were not provided in the excerpts; an install script that installs binaries (or downloads binaries) can be high-risk if it pulls from untrusted URLs. The TESTING.md shows example installation commands that use conda/apt/GitHub releases (reasonable), but you should inspect scripts/install_dependencies.sh before running it.
- Credentials (ok): The skill requests no environment variables, credentials, or config paths. The dependencies and external endpoints referenced (UniProt, GitHub releases) are relevant to the stated purpose. No unrelated secrets or broad credential requests are present in the provided materials.
- Persistence & Privilege (ok): The skill does not request always:true and has no special persistence or system-wide privilege in the metadata. It is user-invocable and can be run manually; autonomous invocation is allowed (platform default) but not combined with other high-risk indicators here.
