PharmaClaw Chemistry Query
v2.0.1Chemistry agent skill for PubChem API queries (compound info/properties, structures/SMILES/images, synthesis routes/references) + RDKit cheminformatics (SMIL...
⭐ 0· 37·0 current·0 all-time
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
medium confidencePurpose & Capability
Name/description (PubChem + RDKit + synthesis tooling) align with the contained scripts (query_pubchem.py, rdkit_mol.py, rdkit_reaction.py, opsin downloader, ChEMBL and PubMed queries). Declared package deps (rdkit, gradio, pandas, Pillow) are appropriate for the features described. No unrelated credentials, binaries, or config paths are requested.
Instruction Scope
Runtime instructions and scripts perform exactly the expected tasks (PubChem/ChEMBL/PubMed HTTP requests, RDKit processing, image generation). They also: (1) download an OPSIN JAR at runtime (from GitHub) when name→SMILES conversion is used; (2) write visualization files under the skill tree (viz/ and script-local files) and save opsin.jar into scripts/; (3) call local scripts via subprocess.run. Additionally, chain_entry.py will attempt to import and call lab_update from a relative 'pharmaclaw-lab-ui' path if present — this is a cross-skill/dashboard hook that can transmit analyzed compound names/SMILES to that component if installed.
Install Mechanism
No install spec is provided (instruction-only skill with bundled code). The only runtime download is OPSIN JAR from a GitHub release; the code verifies a pinned SHA-256 before accepting it, which is good. There is no indication of arbitrary third-party binaries or untrusted shortener/IP downloads.
Credentials
The skill declares no required environment variables or secrets and does not attempt to read system config paths. Network calls are limited to public chemistry APIs (PubChem, ChEMBL, NCBI). The permissions requested are proportional to the chemistry-data/cheminformatics functionality.
Persistence & Privilege
always:false and no model-invocation restrictions — normal. The skill writes files into its own tree (viz images, downloaded opsin.jar) and can create directories under the skill. The only cross-component privilege is the optional import of a 'pharmaclaw-lab-ui' lab_hook (if present in the relative path) which allows the skill to call lab_update; this could forward compound context to that dashboard if you also have that component installed.
Assessment
This skill appears to be what it claims: a PubChem + RDKit chemistry toolkit. Before installing/running it, consider: (1) RDKit and the declared Python packages must be present (RDKit is large); (2) Java (JRE) is only needed if you use IUPAC→SMILES conversion — the skill will download an OPSIN JAR into the skill directory and verifies its SHA-256 (you can validate the pinned checksum yourself); (3) the scripts make HTTP(S) calls to public APIs (PubChem, ChEMBL, NCBI) and will write image and JSON outputs into the skill folder (viz/ and scripts/); (4) chain_entry.py attempts to import and call a lab_update hook from a relative 'pharmaclaw-lab-ui' path if that package/directory exists — if you have that component installed, review it to understand what data (compound names/SMILES/status) may be forwarded; (5) the reaction templates and multi-step planning are powerful and could be used for risky chemical synthesis — if that is a concern, run the skill in an isolated environment without network access or inspect/disable the reaction/template files. If you want higher assurance, review the lab_hook implementation (if present), confirm the OPSIN checksum, and run the skill in a sandboxed environment.Like a lobster shell, security has layers — review code before you run it.
latestvk972bzq5swbcpxysnq994b2p1s8428gp
License
MIT-0
Free to use, modify, and redistribute. No attribution required.