Skillv0.1.1

ClawScan security

Phenosnap Phenotype Extractor · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

BenignFeb 26, 2026, 3:22 PM

Verdict: Benign
Confidence: medium
Model: gpt-5-mini
Summary: The skill's requirements and instructions are generally consistent with its stated purpose (bootstrapping and running PhenoSnap locally), but it will download and execute third‑party code and relies on heuristic redaction — review the upstream repo and run in an isolated environment before use.
Guidance: This skill will download PhenoSnap from GitHub and run its Python code locally and may auto-install Python packages. Before installing/use: (1) supply hp.obo locally and set HPO_OBO_PATH; (2) review the upstream WGLab/PhenoSnap repository code to ensure you trust it; (3) run the skill in a restricted environment or virtualenv (avoid running as admin); (4) verify the redaction step on any sensitive clinical text — heuristics can miss identifiers; (5) be aware the skill will write timestamped input/output files under the chosen baseDir; (6) if you are uncomfortable with automatic pip/get-pip.py network installs or executing third‑party scripts, do not install or audit the repository first. The 'primaryEnv' label for HPO_OBO_PATH is unusual but not itself a secret-exfiltration signal.

Review Dimensions

Purpose & Capability: okName/description (phenotype + medication extraction) match the declared needs: python3 to run PhenoSnap, a way to fetch PhenoSnap (git/curl/PowerShell), and an HPO OBO file (HPO_OBO_PATH) for ontology lookup. These requirements are proportionate to the stated purpose.
Instruction Scope: noteSKILL.md stays on task (redact user PHI, write inputs/outputs locally, run PhenoSnap). It explicitly clones or downloads PhenoSnap and may auto-install Python dependencies and run PhenoSnap scripts — i.e., it instructs the agent to fetch and execute third‑party code. Redaction is required but implemented as heuristics (may miss identifiers). The skill writes timestamped files to disk under baseDir.
Install Mechanism: noteNo formal install spec; runtime instructions fetch code from GitHub (https://github.com/WGLab/PhenoSnap) via git or downloadable zip — a common and traceable source. There is fallback to pip/get-pip.py and running pip installs, which increases attack surface. URLs used are GitHub releases/branches (not shorteners or unknown personal servers), so risk is moderate but expected for this type of skill.
Credentials: noteThe only required env var is HPO_OBO_PATH (a path to an ontology file), which is appropriate. It is odd that this path is declared as the 'primary credential' (primaryEnv) even though it isn't a secret; this is a labeling quirk but not materially harmful. No API keys or unrelated secrets are requested.
Persistence & Privilege: okalways:false (not force-included). The skill writes artifacts under a declared baseDir and creates local directories; it does not request system-wide config changes or other skills' credentials. Autonomous invocation is enabled (platform default) but not a special privilege here.