Skill v1.0.0
ClawScan security
Pharmaclaw Alphafold Agent · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Benign · Mar 11, 2026, 6:15 PM
- Verdict: benign
- Confidence: high
- Model: gpt-5-mini
- Summary: The skill's code, instructions, and external calls are consistent with a lightweight, proof-of-concept AlphaFold/ESMFold + RDKit agent; it does not ask for credentials or hidden endpoints, though several capabilities are mocked and the script has bugs and is not production-grade.
- Guidance: This skill appears to do what it says and does not request credentials or hidden endpoints, but treat it as a proof-of-concept/demo: ESMFold prediction is mocked, binding-site detection and docking are simplistic, and the script contains runtime bugs (missing Draw import, minimal error handling). If you plan to use it in production, review and fix the code, add input validation and HTTP/response checks, replace mocks with real ESMFold/fpocket/Vina components, and run it in an isolated/sandbox environment. As with any third-party script from an unknown source, inspect the code and test on non-sensitive systems before trusting it with important data.
Review Dimensions
- Purpose & Capability (note): The name/description (structure retrieval, ESMFold prediction, binding site detection, RDKit docking) matches the code and dependencies (requests, biopython, RDKit). However, ESMFold prediction is explicitly mocked in the script (predict_esmfold writes a placeholder PDB) rather than invoking HuggingFace/ESMFold; docking and pocket detection are simplified/mocked. This is coherent for a demo but not a full production implementation.
- Instruction Scope (ok): SKILL.md and the script instruct the agent to fetch public PDBs (RCSB), optionally read a FASTA file, run a local mock prediction, detect pockets and run an RDKit-based docking/embedding. The script writes files locally and performs HTTP requests only to legitimate public endpoints (RCSB and AlphaFold EBI). It does not read or exfiltrate unrelated system files or request credentials.
- Install Mechanism (ok): No install spec is provided (instruction-only skill with one included script). That lowers installation risk; packages listed (rdkit-pypi, biopython, requests) are consistent with functionality. No arbitrary downloads or extract/install steps are present.
- Credentials (ok): The skill declares no required environment variables, no credentials, and requests no config paths. The runtime code also does not read environment variables or secrets.
- Persistence & Privilege (ok): always is false and the skill does not request persistent presence or modify other skills or system-wide settings. It runs as a one-off script that reads/writes local files.
