ClawHub

BioSkills

v3.0.0

Installs 412 bioinformatics skills covering sequence analysis, RNA-seq, single-cell, variant calling, metagenomics, structural biology, and 54 more categorie...

4· 1k·1 current·1 all-time
by@djemec
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
medium confidence
Purpose & Capability
The name/description claim to install a large collection of bioinformatics skills and the provided installer script implements that: it clones a GitHub repository and runs an OpenClaw installer from it. Required binaries (git and either python3 or Rscript) match the stated bioinformatics purpose and there are no unrelated environment variables or credentials requested.
Instruction Scope
SKILL.md tells the agent/user to run scripts/install-bioskills.sh (included). That script clones the declared GitHub repo, verifies a specific commit hash, and then executes install-openclaw.sh from the cloned repo. The instructions do not request unrelated files/credentials, but they do cause execution of a remote script (install-openclaw.sh) whose contents are not present in the package — that grants the remote repository the ability to perform arbitrary install-time actions on the user’s machine.
Install Mechanism
No binary package downloads from untrusted hosts. The installer uses git to clone a GitHub repository (a well-known host) and enforces a single expected commit hash for integrity checks, which mitigates supply-chain risk. The script does not extract arbitrary archives from unknown servers.
Credentials
No credentials or privileged environment variables are requested. The script writes to user-local paths ($HOME/.openclaw/...), which is appropriate for a user-level installer. Required binaries are proportional to the task.
Persistence & Privilege
The skill is not always-enabled and does not request elevated platform privileges in its metadata. The installer creates and modifies files in the user's home directory (~/.openclaw) and can remove those files via --uninstall. Note: the executed install-openclaw.sh (from the cloned repo) could alter other parts of the environment — that script was not provided for review.
Assessment
This skill appears coherent for installing many bioinformatics helper skills: it needs git and will clone a GitHub repo and run an installer script from that repo. Before installing, review and trust the remote repository and the specific commit hash the installer expects. Because the installer executes install-openclaw.sh from the cloned repo (not included in the package), that remote script could perform any actions on your user account. Safer steps: inspect the repository and the install-openclaw.sh content on GitHub, run the installer on a disposable/isolated environment or container, back up any important OpenClaw data (~/.openclaw), and consider using the --categories option to limit what is installed. If you cannot review the remote script, do not run the installer on sensitive systems.

Like a lobster shell, security has layers — review code before you run it.

latestvk97a5rdsc6henxc77vewmhfq2x8149sp

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

🧬 Clawdis
OSmacOS · Linux
Binsgit
Any binpython3, Rscript

Comments