Variant Annotation
ReviewAudited by ClawScan on May 1, 2026.
Overview
This appears to be a legitimate variant-annotation skill, but it sends variant queries to NCBI and can use an optional NCBI API key.
This skill is coherent for ClinVar/dbSNP variant annotation. Before using it, remember that queried variant data may be sent to NCBI, avoid adding identifiable patient context, use only an appropriate NCBI API key if needed, and verify any clinically important interpretation with authoritative sources or a qualified professional.
Findings (3)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Variant information entered into the skill may leave the local environment and be sent to NCBI services.
The script sends user-provided variant queries to NCBI ClinVar/dbSNP APIs. This is expected for the skill, but genomic variant identifiers or VCF-derived data can be sensitive.
f"db=clinvar&term={encoded_query}&retmode=json&retmax=10"Use only variant data you are comfortable querying against public NCBI APIs, and avoid submitting identifiable or unnecessary patient context.
If an API key is provided, it will be used for NCBI requests.
The code supports an optional NCBI API key and appends it to NCBI requests. This is purpose-aligned for increased rate limits and there is no evidence of hardcoded keys, logging, or unrelated credential use.
def __init__(self, api_key: Optional[str] = None, delay: float = 0.34):
Provide only an NCBI API key intended for this use, and do not pass unrelated credentials.
If the requirements file is installed, package resolution may depend on the current package index state.
A dependency is listed without a pinned version. No automatic install step is shown, so this is a minor provenance/install hygiene note rather than evidence of malicious behavior.
dataclasses
Install dependencies in a controlled environment and pin versions if reproducibility matters.