Skill v3.0.0

ClawScan security

BioSkills · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Benign · Feb 14, 2026, 12:30 AM
Verdict: benign
Confidence: medium
Model: gpt-5-mini
Summary
The skill and its installer are internally consistent with a meta-installer for many bioinformatics skills, but it clones and executes a remote install script you should review before running.
Guidance
This skill appears coherent for installing many bioinformatics helper skills: it needs git and will clone a GitHub repo and run an installer script from that repo. Before installing, review and trust the remote repository and the specific commit hash the installer expects. Because the installer executes install-openclaw.sh from the cloned repo (not included in the package), that remote script could perform any actions on your user account. Safer steps: inspect the repository and the install-openclaw.sh content on GitHub, run the installer on a disposable/isolated environment or container, back up any important OpenClaw data (~/.openclaw), and consider using the --categories option to limit what is installed. If you cannot review the remote script, do not run the installer on sensitive systems.

Review Dimensions

Purpose & Capability
ok: The name/description claim to install a large collection of bioinformatics skills and the provided installer script implements that: it clones a GitHub repository and runs an OpenClaw installer from it. Required binaries (git and either python3 or Rscript) match the stated bioinformatics purpose and there are no unrelated environment variables or credentials requested.
Instruction Scope
note: SKILL.md tells the agent/user to run scripts/install-bioskills.sh (included). That script clones the declared GitHub repo, verifies a specific commit hash, and then executes install-openclaw.sh from the cloned repo. The instructions do not request unrelated files/credentials, but they do cause execution of a remote script (install-openclaw.sh) whose contents are not present in the package — that grants the remote repository the ability to perform arbitrary install-time actions on the user’s machine.
Install Mechanism
ok: No binary package downloads from untrusted hosts. The installer uses git to clone a GitHub repository (a well-known host) and enforces a single expected commit hash for integrity checks, which mitigates supply-chain risk. The script does not extract arbitrary archives from unknown servers.
Credentials
ok: No credentials or privileged environment variables are requested. The script writes to user-local paths ($HOME/.openclaw/...), which is appropriate for a user-level installer. Required binaries are proportional to the task.
Persistence & Privilege
ok: The skill is not always-enabled and does not request elevated platform privileges in its metadata. The installer creates and modifies files in the user's home directory (~/.openclaw) and can remove those files via --uninstall. Note: the executed install-openclaw.sh (from the cloned repo) could alter other parts of the environment — that script was not provided for review.