ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Western Blot Quantifier

v0.1.0

Automatically identify Western Blot gel bands, perform densitometric analysis, and calculate normalized values relative to loading controls (GAPDH, β-actin,...

0· 169·0 current·0 all-time
by@lyla0921
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Suspicious
high confidence
!
Purpose & Capability
Name/description match the general purpose (image-based band detection and quantification) and dependencies are appropriate for image analysis. However, the package metadata and SKILL.md refer to a WesternBlotQuantifier class and result objects (analyze(), save(), save_figures(), DataFrame outputs) that are not implemented in the included code. __init__.py attempts to import WesternBlotQuantifier, AnalysisResult, and BandRegion from main.py, but main.py defines a WBQuantifier class and none of the other names — this will cause import failures.
!
Instruction Scope
SKILL.md documents a Python API and CLI with options (--input, --reference, --targets, --lanes, output file saving, CSV exports, figure saving) that are not supported by the included main.py. main.py's CLI accepts --image and --demo only and contains only a demo-mode synthetic-image printout; there is no implemented image file I/O, CSV export, plotting, or analysis return object as described. The runtime instructions therefore overreach relative to the actual code.
Install Mechanism
No install spec in registry; instructions use pip install -r requirements.txt which lists common, well-known Python packages for image/data processing (numpy, opencv-python, pandas, etc.). This is proportionate to the stated purpose. No remote downloads or obscure install sources detected.
Credentials
The skill does not request environment variables, credentials, or config paths. That is consistent with the described offline, local-image processing functionality.
Persistence & Privilege
The skill is not always-enabled and does not request elevated or persistent privileges. It is user-invocable and does not modify other skills or system-wide settings per the provided files.
What to consider before installing
Do not install or run this skill in a production environment yet. The repository appears to be a draft: class and function names in SKILL.md/__init__.py do not match main.py, the documented API (analyze(), save(), CSV/figure output, CLI flags) is missing, and import errors will likely occur. Suggested next steps before trusting or using the skill: 1) Ask the author for a corrected release where exported names match implementation and the documented API/CLI are implemented. 2) Run the package in an isolated sandbox (e.g., ephemeral VM or container) to confirm there are no unexpected file/network operations. 3) Inspect and/or run unit tests that exercise real image input, CSV export, and plotting to verify behavior. 4) If you need to use it now, patch or extend main.py to implement the documented interface and add explicit file-path validation (prevent ../ traversal), then run on non-sensitive sample images first. The current inconsistencies look like incomplete packaging rather than deliberate malicious behavior, but do not proceed until fixed and reviewed.

Like a lobster shell, security has layers — review code before you run it.

latestvk97apqqgj3affj8ja4kc29zv6582t7ym

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments