Chemistry Query
Review
Audited by ClawScan on May 10, 2026.
Overview
The core chemistry tools match the stated purpose, but an included UI would open a public Gradio share link by default and some optional runtime dependencies are not clearly pinned or declared.
Use this skill for non-confidential chemistry queries. Do not run chem_ui.py unless you intend to expose a public Gradio interface or have changed it to share=False. Assume compound names, SMILES, and search terms may be sent to public providers such as PubChem, and pin or verify any optional dependencies before installing them.
Findings (5)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If the UI is started, confidential compound structures or SMILES entered into it may traverse a third-party public sharing service, and anyone with the link could invoke the local analysis function until it is stopped.
Launching Gradio with share=True creates a public share tunnel when this file is run, but the skill documentation does not clearly disclose that a public UI may be exposed.
if __name__ == "__main__":
    iface.launch(share=True)
Change the default to share=False, document any public sharing explicitly, and require user opt-in plus access controls before exposing the UI.
Public or non-sensitive chemistry queries are appropriate, but proprietary compound names or structures would leave the local machine.
The skill sends compound identifiers and sometimes SMILES data to PubChem, which is consistent with its stated PubChem query purpose.
base_url = "https://pubchem.ncbi.nlm.nih.gov/rest/pug"
Use the skill only with data you are comfortable sending to public chemistry providers, or add a user confirmation step for confidential compounds.
A user who follows this optional setup path may run code that was not included in the reviewed artifacts.
An optional helper references a missing external jar and suggests a manual download without checksum or pinning in an install spec.
opsin.jar missing—wget https://github.com/dan2097/opsin/releases/download/v2.8.0/opsin-core-2.8.0.jar
Declare optional dependencies in metadata or an install spec, pin versions, and provide checksums or a trusted package source.
Running the chain will execute local Python helpers and create molecule image files on disk.
The chain entry point invokes local helper scripts and writes visualization files; this is expected for the stated RDKit visualization workflow and uses argument lists rather than shell execution.
subprocess.run([sys.executable, os.path.join(script_dir, 'rdkit_mol.py'), '--smiles', canonical_smiles, '--action', 'draw', '--output', png_path]
Keep these actions user-directed, disclose generated file locations, and avoid allowing untrusted remote users to trigger them through the public UI.
Users may place too much trust in generated synthesis or chemistry outputs if they see high confidence and no risks.
The chain output uses a fixed high confidence and empty risks list after generating chemistry analyses, which may overstate the reliability or safety of heuristic retrosynthesis results.
confidence = 0.95
risks = []
Label outputs as heuristic, avoid fixed confidence values, and include clear limitations and safety caveats for synthesis-related results.
