Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Phenosnap Phenotype Extractor
v0.1.1
Extract clinical phenotypes and medication entities from user-provided text using PhenoSnap, producing a timestamped JSON output.
⭐ 0 · 562 · 0 current · 0 all-time
by Kai Wang (@kaichop)
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan (OpenClaw)
Verdict: Benign, medium confidence

Purpose & Capability
Name/description (phenotype + medication extraction) match the declared needs: python3 to run PhenoSnap, a way to fetch PhenoSnap (git/curl/PowerShell), and an HPO OBO file (HPO_OBO_PATH) for ontology lookup. These requirements are proportionate to the stated purpose.
Instruction Scope
SKILL.md stays on task (redact user PHI, write inputs/outputs locally, run PhenoSnap). It explicitly clones or downloads PhenoSnap and may auto-install Python dependencies and run PhenoSnap scripts — i.e., it instructs the agent to fetch and execute third‑party code. Redaction is required but implemented as heuristics (may miss identifiers). The skill writes timestamped files to disk under baseDir.
Install Mechanism
No formal install spec; runtime instructions fetch code from GitHub (https://github.com/WGLab/PhenoSnap) via git or a downloadable zip, which is a common and traceable source. There is a fallback to pip/get-pip.py and running pip installs, which increases the attack surface. The URLs used are GitHub releases/branches (not shorteners or unknown personal servers), so the risk is moderate but expected for this type of skill.
Credentials
The only required env var is HPO_OBO_PATH (a path to an ontology file), which is appropriate. It is odd that this path is declared as the 'primary credential' (primaryEnv) even though it isn't a secret; this is a labeling quirk but not materially harmful. No API keys or unrelated secrets are requested.
Persistence & Privilege
always:false (not force-included). The skill writes artifacts under a declared baseDir and creates local directories; it does not request system-wide config changes or other skills' credentials. Autonomous invocation is enabled (platform default) but not a special privilege here.
Assessment
This skill will download PhenoSnap from GitHub, run its Python code locally, and may auto-install Python packages. Before installing/use: (1) supply hp.obo locally and set HPO_OBO_PATH; (2) review the upstream WGLab/PhenoSnap repository code to ensure you trust it; (3) run the skill in a restricted environment or virtualenv (avoid running as admin); (4) verify the redaction step on any sensitive clinical text, since heuristics can miss identifiers; (5) be aware the skill will write timestamped input/output files under the chosen baseDir; (6) if you are uncomfortable with automatic pip/get-pip.py network installs or executing third‑party scripts, either do not install the skill or audit the repository first. The 'primaryEnv' label for HPO_OBO_PATH is unusual but not itself a secret-exfiltration signal.

Like a lobster shell, security has layers — review code before you run it.

latest: vk97crhmg3t8ydry4vsm4mmq49n81whr5
Runtime requirements
Bins: python3
Any bin: git, curl, powershell
Env: HPO_OBO_PATH
Primary env: HPO_OBO_PATH
