Volcano Plot Script

Pass

Audited by ClawScan on May 1, 2026.

Overview

This looks like a normal local volcano-plot helper, with expected cautions about running local code, installing dependencies, and choosing file paths carefully.

Before installing, use a virtual environment for dependencies, run the script only on intended DEG files, keep outputs in your project workspace, and review any generated R script before executing it.

Findings (3)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

Dependency behavior can change depending on when and where the packages are installed.

Why it was flagged

The dependency file lists standard plotting/data packages without version pins; this is expected for the skill but means installs may resolve different package versions over time.

Skill content
pandas
matplotlib
seaborn
numpy

Recommendation

Install in a virtual environment and pin or review package versions if reproducibility or supply-chain control matters.

What this means

The script can read the selected DEG file and write plot outputs wherever the caller specifies.

Why it was flagged

The script accepts local input and output paths from the caller. That is normal for a plotting tool, but users should ensure an agent does not point it at unintended files or overwrite important outputs.

Skill content
parser.add_argument('--input', '-i', required=True,
                    help='Input file (CSV/TSV) with DEG results')
parser.add_argument('--output', '-o', default='volcano_plot.png',

Recommendation

Use trusted DEG files and choose output paths inside a project directory rather than protected or unrelated locations.

What this means

If exported R scripts are run, they execute with the user's local permissions.

Why it was flagged

The skill can generate executable R code and interpolates command-line values into that code. Code generation is part of the stated purpose, but generated scripts should be treated as executable artifacts.

Skill content
r_script = f'''# Volcano Plot Script (R/ggplot2)
# Generated by volcano-plot-script

library(ggplot2)
library(dplyr)

# Read data
data <- read.csv("{args.input}")

Recommendation

Review generated R scripts before running them, especially when filenames, column names, or other parameters come from untrusted sources.