Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

SMILES Profiling

v1.2.0

Comprehensive SMILES profiling through SwissTargetPrediction, PubChem, ADMETlab 3.0, ChEMBL, and PK-Smart. Use when given a single SMILES to extract predicte...

by Hendrik Schmitz (@hendr15k)
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal: Benign
OpenClaw: Suspicious (medium confidence)
Purpose & Capability
Name/description match the implementation: the scripts and SKILL.md call SwissTargetPrediction, PubChem, ADMETlab 3.0, ChEMBL, and PK‑Smart exactly as advertised. Network calls and parsing logic align with the stated goal of producing a combined pharmacology profile.
Instruction Scope
Runtime instructions focus on the SMILES-to-profiles workflow and reference the included scripts. The scripts perform only the expected network lookups and parsing; they do not attempt to read unrelated system files or request credentials. However, the code will transmit user-provided SMILES to multiple external services (expected for this skill but privacy-relevant) and uses a Streamlit/WebSocket flow to interact with PK-Smart.
Install Mechanism
This is an instruction-only skill with included Python scripts but no install spec or dependency list. The code imports third-party packages (e.g., websockets, google.protobuf) that are not declared anywhere, and autoresearch.config.md states 'Do not add third‑party Python packages' which conflicts with actual imports. That mismatch can lead to runtime failures or hidden ad-hoc installation steps by an integrator; lack of dependency declaration is an operational and supply-chain concern.
Credentials
No environment variables, credentials, or config paths are requested. All external access is to the public APIs/URLs documented in the references. There are no unrelated secrets requested.
Persistence & Privilege
The skill is not force‑enabled (always:false) and does not request to modify other skills or global agent settings. Autonomy (model invocation) defaults are unchanged; nothing in the package requests elevated persistence.
What to consider before installing
This skill appears to do what it says (send a SMILES string to public cheminformatics services and aggregate results), but be aware of two practical risks: (1) the included Python scripts rely on third‑party packages (websockets, google.protobuf, etc.) but the skill provides no install or dependency manifest — installation may fail or require ad-hoc package installs; (2) the skill sends the SMILES (which may be proprietary or sensitive) to multiple external services over the network (PubChem, SwissTargetPrediction, ADMETlab, ChEMBL, PK‑Smart). If you need to protect chemical confidentiality or operate in an air‑gapped environment, do not run this skill without validating where data will be sent and ensuring required libraries are installed in a controlled manner. If you want to proceed, ask the maintainer for a clear requirements.txt or packaging instruction and confirm whether you accept transmitting SMILES to the documented endpoints.

Like a lobster shell, security has layers — review code before you run it.

latestvk97a5pw6egwp58hbnyfvg286dn84hrbx
