Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Drug Team
v1.0.0
Coordinates specialized AI agents to design novel drug candidates with synthesis routes, inventory checks, ADMET/Tox evaluation, pharmacology scoring, and pa...
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious (medium confidence)
Purpose & Capability
The name/description (orchestrating chemistry, synthesis, inventory, ADMET, patent scouting) aligns with the included code and dependencies (RDKit, BS4, integration hooks). However the code reaches into sibling skill directories (e.g., skills/chemistry-query, skills/synth-notebook, skills/lab-inventory) via relative filesystem traversal — this is a non-obvious design choice that requires those other skills to be present and gives the skill access to other skill files. The presence of a venv/pyvenv.cfg file in the package but no install spec is also unexpected.
Instruction Scope
SKILL.md instructs running scripts/orchestrate.py and the script executes other skills' Python scripts (via subprocess.run), reads/writes files (creates temp, viz, and may write stock.csv into the lab-inventory directory), and performs web scraping (patents.google.com). The script will send candidate identifiers/SMILES to external sites for patent searches, which can leak proprietary molecular structures. It also creates/modifies files inside other skill directories (creating stock.csv if missing), which is scope creep and could corrupt or persist data outside the skill's own sandbox.
Install Mechanism
There is no install specification (instruction-only install), which is low risk. But a venv/pyvenv.cfg file is included in the package — odd for an instruction-only skill and suggests assumptions about environment or bundled virtualenv state. No external download URLs are used.
Credentials
The skill declares no required credentials or env vars (good), but it performs outbound web requests (patent_scout.py uses requests to query patents.google.com) without warning. Sending candidate SMILES, names, or other search queries to external web endpoints can leak IP or sensitive data. The skill also executes other local skill scripts — if those scripts expect credentials or secrets, this skill could indirectly cause exposure. The skill's dependency list mentions beautifulsoup4 but does not explicitly list 'requests' (used in code), a minor mismatch.
Persistence & Privilege
always is false and the skill does not request elevated platform privileges. However it writes files into sibling skill directories (e.g., lab-inventory/stock.csv) and creates temp/viz folders in the working directory, which gives it a degree of persistent footprint across the workspace and could affect other skills' state. It does not modify agent configuration or request permanent inclusion.
What to consider before installing
- Provenance: the owner and homepage are unknown. Prefer skills from verified/known sources when dealing with proprietary chemistry.
- External network: this skill will send search terms (SMILES or names) to patents.google.com via patent_scout.py — do not run it on confidential molecules unless you accept that risk or block network access.
- File access: it executes scripts from sibling skill directories and may create or overwrite files there (it will create a stock.csv in lab-inventory if missing). Ensure those other skills are trusted and you are okay with cross-skill file writes.
- Review other skills: because it calls chemistry-query, synth-notebook, and lab-inventory scripts directly, inspect those repos/scripts to confirm they are safe and that calling them via subprocess is intended.
- Environment assumptions: the package contains a venv config but no installer; confirm RDKit and other Python dependencies exist in your environment before running.
- Recommended mitigations: run in an isolated sandbox, disable outbound network during patent-scout if you need confidentiality, back up or sandbox other skill directories to avoid unintended file writes, and review the code of the called sibling scripts. If you need help assessing the other skills (chemistry-query, synth-notebook, lab-inventory), gather their code and provenance and re-run an evaluation.

Like a lobster shell, security has layers — review code before you run it.
