Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Differential Gene Expression Analysis (RNA-seq)

v1.0.2

Performs differential gene expression analysis on RNA-seq count data using DESeq2, generating significant gene lists and visualizations.

License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal: Benign
OpenClaw: Suspicious (medium confidence)
Purpose & Capability
The R code in SKILL.md implements differential gene expression analysis using DESeq2, with PCA, volcano, and heatmap plots, which aligns with the skill's description. However, skill.json claims an entryFile (main.R) and a runtime (R-4.2), while no such file exists in the bundle and the registry metadata earlier listed no required binaries. This metadata mismatch is inconsistent and may cause runtime confusion.
Instruction Scope
The instructions are narrowly scoped to reading input/count_matrix.csv, running DESeq2-based analysis, creating plots, and writing outputs to output/. The code does not read unrelated system files, environment variables, or call external endpoints except to install R packages. The analysis uses a hard-coded sample grouping (3 Control / 3 Treat), which may not match user data.
Install Mechanism
The SKILL.md performs runtime package installation via install.packages('BiocManager', ...) and BiocManager::install(...). This installs from CRAN/Bioconductor (cloud.r-project.org and Bioconductor), which is a standard source for R packages but implies network access and the ability to execute newly downloaded code at runtime. There is no separate install spec in the manifest to declare or prepare these dependencies.
Credentials
The skill requests no environment variables, no credentials, and no config paths. The lack of requested secrets is appropriate for its purpose.
Persistence & Privilege
The skill is not always-enabled and uses normal, user-invocable settings. It does not request persistent agent privileges or modify other skills' configurations.
What to consider before installing
This skill appears to do what it says (DESeq2 analysis) but has several practical inconsistencies you should address before running:
(1) The manifest (skill.json) references main.R and an R runtime while the bundle only contains SKILL.md with embedded R. Update the manifest or provide the entry file so execution is deterministic.
(2) input/count_matrix.csv in the package is empty; provide a properly formatted count matrix (rows=genes, columns=samples) that matches the hard-coded group factor (3 Control / 3 Treat) or modify the code to accept arbitrary sample groups.
(3) The skill installs R/Bioconductor packages at runtime; that requires network access and will execute code downloaded from CRAN/Bioconductor. Run in a sandboxed environment or pre-install/verify packages if you have security concerns.
(4) If you need provenance, request the author/source (homepage) because the skill's source is unknown.
If you plan to run this in a production environment, verify the input format, update the metadata, and consider pinning package versions to reduce variability.

Like a lobster shell, security has layers — review code before you run it.

Tags: DESeq2, RNA-seq, bioinformatics, differential-gene, enrichment-analysis, latest, visualization
