Pharmaclaw Tox Agent
PassAudited by ClawScan on May 1, 2026.
Overview
The skill appears to be a straightforward local SMILES analysis helper with no credential, network, persistence, or destructive behavior; users should only note its external RDKit dependency and optional pipeline sharing of compound data.
This looks safe to install for local chemistry descriptor screening. Before use, make sure RDKit is installed from a trusted source, and avoid sending confidential SMILES or drug-candidate data into any downstream pipeline agent unless you understand where that data will go.
Findings (2)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If RDKit is missing or installed from an untrusted package source, the skill may fail or inherit supply-chain risk from that package.
The skill relies on a third-party RDKit package. This dependency is disclosed and necessary for the stated purpose, but the supplied artifacts do not include an install spec or version pin.
## Dependencies - `rdkit-pypi` — Molecular descriptors, QED, substructure matching
Install RDKit from a trusted source and prefer version-pinned dependency management if packaging or deploying this skill.
Proprietary compound structures or analysis results could be passed to other agents if the broader pipeline integration is used.
The skill documents intended pipeline data flow involving SMILES strings and safety flags. This is purpose-aligned, but boundaries, confirmation steps, and downstream handling are not detailed.
## Chain Integration - **Receives from:** Chemistry Query (SMILES), Pharmacology (ADME flags) - **Feeds into:** IP Expansion (safer derivative suggestions), Synthesis (avoid toxic intermediates) - **Cross-references:** Market Intel (FAERS adverse events for similar structures)
Confirm which downstream agents or services receive compound data before using the skill with confidential molecules.