Skill v1.0.0
ClawScan security
Pharmaclaw Cheminformatics · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Benign · Mar 11, 2026, 6:15 PM
- Verdict: benign
- Confidence: high
- Model: gpt-5-mini
- Summary: The skill's code, instructions, and requirements are coherent with a cheminformatics agent: it uses RDKit to perform conformer generation, pharmacophore mapping, format conversion, RECAP fragmentation, and stereoisomer enumeration and does not request credentials or external network access.
- Guidance: This appears to be a straightforward local cheminformatics toolkit. Before installing/using: (1) ensure RDKit (rdkit-pypi) and other dependencies (numpy, Pillow for images) are installed in a controlled environment; (2) be aware CPU/memory can be heavy for large conformer enumerations (the conformer generator uses all cores by default); (3) outputs are written to any output_dir you provide — chain_entry.py does not further sanitize output_dir, so choose directories you trust and have appropriate permissions; (4) no network calls or credentials are requested by the skill, so it won't exfiltrate data unless you run it in an environment that already exposes files or secrets; (5) as always, run untrusted code in an isolated environment (container/VM) if you are concerned about unexpected behavior.
Review Dimensions
- Purpose & Capability (ok): Name/description match the actual code. All modules implement the cheminformatics features described (conformers, pharmacophores, format conversion, RECAP fragmentation, stereoisomer enumeration) and rely on RDKit and standard scientific libs; no unrelated credentials, binaries, or services are requested.
- Instruction Scope (note): SKILL.md and chain_entry.py confine operations to molecule inputs, local file outputs, and RDKit processing. Modules may write SDF/PDB/PNG/text files when an output path is provided. Two minor notes: (1) format_converter applies basic path sanitization for output file paths, but chain_entry.py writes into a user-supplied output_dir without additional sanitization, so outputs will be created wherever the caller points the skill; (2) some operations (conformer generation) use all CPU cores and can be resource-intensive.
- Install Mechanism (ok): There is no install spec (no downloads or installers). The code depends on RDKit, numpy, and optionally Pillow; missing dependencies cause the scripts to exit with a clear error. No remote URLs, extract operations, or package installs are embedded in the skill.
- Credentials (ok): The skill declares no required environment variables, credentials, or config paths. It uses RDKit internals (RDConfig.RDDataDir) to load feature definitions, which is expected. No secrets are requested or accessed.
- Persistence & Privilege (ok): always is false and the skill does not modify other skills or global agent settings. It writes outputs only to paths you supply; it does not attempt to persist credentials or alter runtime configuration beyond its own outputs.
