ClawHub

Clarity Submit

v1.0.0

Submit a protein variant hypothesis to Clarity Protocol for validation and folding. Use when the user asks to submit a hypothesis, propose a protein variant,...

0· 301·0 current·0 all-time
by@clarityprotocol
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Suspicious
medium confidence
Purpose & Capability
The name, SKILL.md, and included scripts all align: they submit hypotheses and check status on clarityprotocol.io. However the registry metadata (no homepage, no required env vars, no primary credential) contradicts SKILL.md and the code which clearly requires CLARITY_WRITE_KEY for POSTs and optionally CLARITY_API_KEY for reads.
Instruction Scope
Runtime instructions and scripts limit operations to clarityprotocol.io endpoints and the declared submission/checking flows (POST /hypotheses, GET /lab/api/hypothesis/{id}). The SKILL.md asks the user to set CLARITY_WRITE_KEY for write operations and the scripts do not attempt to read unrelated filesystem paths or other environment variables.
Install Mechanism
This is an instruction-only skill with Python scripts and no install spec; nothing is downloaded or written to disk by an installer. Risk is limited to running the included scripts locally.
!
Credentials
The code requires CLARITY_WRITE_KEY (and optionally CLARITY_API_KEY) but the skill registry entry lists no required env vars or primary credential. The write key requirement is reasonable for a write operation, but the manifest omission is a coherence issue and should be corrected/clarified before trusting the skill. Ensure the write key provided has appropriate, limited scope.
Persistence & Privilege
The skill does not request always:true, does not modify other skills or system-wide configs, and does not persist credentials itself. It runs network calls only to clarityprotocol.io.
What to consider before installing
The code does what the description says (submits variants to clarityprotocol.io and checks status), but the registry metadata is inconsistent: it does not declare the CLARITY_WRITE_KEY/CLARITY_API_KEY env vars or a homepage/source. Before installing or running: 1) Verify the skill's origin (confirm the owner and a legitimate homepage/repo for clarityprotocol.io); 2) Only provide a write key that is scoped and revocable (do not use high-privilege or long-lived secrets); 3) Prefer testing read-only operations first (no write key) and inspect network traffic if possible; 4) If you plan to run submit_hypothesis.py, confirm the tracking URL and endpoints match the official service and that you're comfortable sending variant data to that external service. If the registry owner cannot explain the metadata omissions, treat the skill with caution.

Like a lobster shell, security has layers — review code before you run it.

latestvk979pz5n5gat9yg2pjycqdaa8581tzdd

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments