PharmaClaw Pharmacology Agent
v2.0.0Pharmacology agent for ADME/PK profiling of drug candidates from SMILES. Computes drug-likeness (Lipinski Ro5, Veber rules), QED, SA Score, ADME predictions...
⭐ 0· 290·2 current·2 all-time
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious
high confidencePurpose & Capability
The code and SKILL.md match the stated purpose: RDKit descriptor calculations, rule-based ADME heuristics, optional ADMETlab 3.0 ML integration. However, the skill metadata declares no required binaries or env vars while the code clearly requires Python packages (rdkit, requests) and optional RDKit contrib modules (SA_Score, PAINS catalog). This omission is an inconsistency (missing dependency declarations) but not necessarily malicious.
Instruction Scope
The runtime instructions direct calling scripts/chain_entry.py which in turn may call scripts/admetlab3.py that performs an HTTP POST of the SMILES to ADMETlab 3.0 (https://admetlab3.scbdd.com). Transmitting SMILES to a third-party service can leak proprietary chemical structures/IP. The SKILL.md mentions ADMETlab integration (so the network call is documented) but there is no clear user warning about privacy/IP risk or an explicit opt-out to force local-only RDKit fallback.
Install Mechanism
No install spec is provided (instruction-only), which avoids arbitrary downloads, but the included code depends on heavy third-party libraries (RDKit, requests, optional RDKit contrib modules). Because these are not declared in metadata, users may run into missing-dependency failures or silently run with reduced functionality. There are no suspicious external installers or unusual download URLs in the package itself.
Credentials
The skill does not request credentials or environment variables, which is appropriate. However, it will transmit input SMILES over the network to a third-party API when available; that network access effectively exposes potentially sensitive data (chemical structures). From a credentials perspective this is proportional, but from a data-exposure perspective it is a material privacy/IP concern that should be made explicit to the user.
Persistence & Privilege
The skill does not request always:true, does not modify other skills or system config, and has no elevated persistence or privileges. It runs only when invoked and prints JSON to stdout; no evidence of self-installation or system-wide changes.
What to consider before installing
This skill appears to do what it says (RDKit-based ADME and optional ADMETlab API predictions), but pay attention to two things before using it:
- Dependency availability: The package metadata lists no required binaries, but the scripts need Python packages (rdkit and requests) and optional RDKit contrib modules (SA_Score, PAINS). Ensure these are installed in a controlled environment before running.
- Data exposure / IP risk: When ADMETlab 3.0 is reachable, the skill will POST your SMILES to https://admetlab3.scbdd.com. If your molecules are proprietary, confidential, or covered by IP restrictions, do not run this skill without either removing/patching the admetlab call (force local-only RDKit fallback) or confirming the external service's data handling/privacy terms. Consider running the tool offline (use chain_entry.py which can operate purely with RDKit if ADMETlab is unavailable) or auditing admetlab3.py to add an explicit opt-in flag to enable external queries.
Also consider running the code in an isolated environment (container) and reviewing the code locally before supplying sensitive inputs. If you need help patching the script to disable network calls by default, ask and provide the preferred behavior (always-local vs explicit --use-admetlab flag).Like a lobster shell, security has layers — review code before you run it.
latestvk97c9ymvea33qqfkkrar2z3h5d8240h6
License
MIT-0
Free to use, modify, and redistribute. No attribution required.