Pharmaclaw Chemistry Query

Pass

Audited by ClawScan on May 1, 2026.

Overview

This appears to be a disclosed chemistry toolkit. The main things to notice are public API queries, local script execution, and an optional verified OPSIN JAR download.

Before installing, confirm you are comfortable with a local Python/RDKit chemistry toolkit that can call public chemistry APIs, write generated visualization files, and optionally download and run the checksum-verified OPSIN Java tool for IUPAC name conversion.

Findings (3)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

Using IUPAC name conversion can download an external Java archive into the skill directory.

Why it was flagged

The skill discloses a third-party JAR download. The checksum pinning reduces supply-chain risk, but users should still be aware that an external binary dependency is fetched when that feature is used.

Skill content

OPSIN JAR (13.8MB) is auto-downloaded on first use of IUPAC name conversion with pinned SHA-256 checksum verification

Recommendation

Use the OPSIN feature only if needed, keep the checksum-pinned download behavior intact, and install the skill from a trusted source.

What this means

The skill may run local Python scripts and, for OPSIN conversion, a local Java process.

Why it was flagged

The skill can execute Java to run the downloaded OPSIN tool. This is purpose-aligned for name-to-SMILES conversion and uses a fixed argument list rather than shell interpolation.

Skill content

cmd = ["java", "-jar", jar_path, "--stdin", "--output", "smiles"]

Recommendation

Ensure Java and Python dependencies are installed from trusted sources, and avoid granting unnecessary elevated privileges when running the skill.

What this means

Private or proprietary molecule names and structures entered into the skill could be transmitted to public chemistry or literature services.

Why it was flagged

The skill explicitly uses public third-party APIs, so compound names, SMILES, and literature search terms may be sent outside the local environment.

Skill content

external-apis:
  - PubChem REST API (public, no key required)
  - ChEMBL API (public, no key required)
  - PubMed/NCBI E-utilities (public, no key required)

Recommendation

Do not use confidential compound identifiers or unpublished structures with external API features unless that sharing is acceptable.