Skill v1.0.0
VirusTotal security
Chemistry Query · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
Suspicious · Apr 30, 2026, 4:05 AM
- Hash: 2c79dacd6020ab1211c6074e60fde460bb816c75a84b947401adae5621b7fe9b
- Source: palm
- Verdict: suspicious
- Code Insight: Type: OpenClaw Skill; Name: chemistry-query; Version: 1.0.0. The skill is classified as suspicious due to a significant supply chain vulnerability identified in `scripts/opsin_name_to_smiles.py`. This script attempts to execute an external Java JAR (`opsin.jar`) and, if missing, prints an error message instructing the user to `wget` the JAR from a GitHub release URL. While the script itself passes input safely to the JAR, the reliance on manual, unverified download instructions for an external binary (without checksums or package management) creates a critical supply chain risk, allowing for potential arbitrary code execution if the external resource were compromised. Additionally, `chem_ui.py` uses `iface.launch(share=True)` which can expose the Gradio interface publicly, posing a minor security risk.
