ClawHub

Pharmaclaw Catalyst Design

Security checks across static analysis, malware telemetry, and agentic risk

Overview

The skill appears to perform local catalyst and ligand design as described, with only review notes about an undeclared RDKit dependency and optional chaining of chemistry outputs to other agents.

This looks coherent and purpose-aligned. Before installing, use a virtual environment, install RDKit from a trusted/pinned source if needed, and avoid chaining or saving proprietary reaction and ligand designs unless you trust the downstream agents and storage location.

Static analysis

No static analysis findings were reported for this release.

VirusTotal

VirusTotal findings are pending for this skill version.

View on VirusTotal

Risk analysis

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

#ASI04: Agentic Supply Chain Vulnerabilities
Low
What this means

Users may need to install an external Python package that is not declared in the registry metadata.

Why it was flagged

The script depends on RDKit and points users to install it, while the registry/install metadata declares no install spec or required packages. This is a dependency/provenance note, not hidden execution.

Skill content
except ImportError: print(json.dumps({"error": "RDKit not installed. Run: pip install rdkit", "status": "error"}))
Recommendation

Install RDKit only from a trusted source, preferably in an isolated environment with pinned versions.

#ASI07: Insecure Inter-Agent Communication
Low
What this means

If used with proprietary drug-synthesis work, reaction details or novel ligand ideas could be shared with other agents in the workflow.

Why it was flagged

The documented workflow can pass generated ligand and reaction-condition data to other agents. This is disclosed and purpose-aligned, but data-boundary and confirmation details are not specified.

Skill content
Catalyst Design | Novel ligand SMILES | IP Expansion | Patent landscape check ... Catalyst Design | Recommended conditions | Chemistry Query | Forward reaction simulation
Recommendation

Review destination agents before chaining and ask for confirmation before sharing sensitive or proprietary chemistry data.