Skill v0.1.0

ClawScan security

Western Blot Quantifier · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Review · Mar 13, 2026, 9:43 AM
Verdict: Review
Confidence: high
Model: gpt-5-mini
Summary
The skill's description and docs promise a full Western-blot quantification API, but the shipped code and package metadata are inconsistent and incomplete — it looks like a draft or broken package rather than a ready, trustworthy skill.
Guidance
Do not install or run this skill in a production environment yet. The repository appears to be a draft: class and function names in SKILL.md/__init__.py do not match main.py, the documented API (analyze(), save(), CSV/figure output, CLI flags) is missing, and import errors will likely occur. Suggested next steps before trusting or using the skill:
1) Ask the author for a corrected release where exported names match implementation and the documented API/CLI are implemented.
2) Run the package in an isolated sandbox (e.g., ephemeral VM or container) to confirm there are no unexpected file/network operations.
3) Inspect and/or run unit tests that exercise real image input, CSV export, and plotting to verify behavior.
4) If you need to use it now, patch or extend main.py to implement the documented interface and add explicit file-path validation (prevent ../ traversal), then run on non-sensitive sample images first.
The current inconsistencies look like incomplete packaging rather than deliberate malicious behavior, but do not proceed until fixed and reviewed.

Review Dimensions

Purpose & Capability
concern: Name/description match the general purpose (image-based band detection and quantification) and dependencies are appropriate for image analysis. However, the package metadata and SKILL.md refer to a WesternBlotQuantifier class and result objects (analyze(), save(), save_figures(), DataFrame outputs) that are not implemented in the included code. __init__.py attempts to import WesternBlotQuantifier, AnalysisResult, and BandRegion from main.py, but main.py defines a WBQuantifier class and none of the other names; this will cause import failures.
Instruction Scope
concern: SKILL.md documents a Python API and CLI with options (--input, --reference, --targets, --lanes, output file saving, CSV exports, figure saving) that are not supported by the included main.py. main.py's CLI accepts --image and --demo only and contains only a demo-mode synthetic-image printout; there is no implemented image file I/O, CSV export, plotting, or analysis return object as described. The runtime instructions therefore overreach relative to the actual code.
Install Mechanism
note: No install spec in registry; instructions use pip install -r requirements.txt, which lists common, well-known Python packages for image/data processing (numpy, opencv-python, pandas, etc.). This is proportionate to the stated purpose. No remote downloads or obscure install sources detected.
Credentials
ok: The skill does not request environment variables, credentials, or config paths. That is consistent with the described offline, local-image processing functionality.
Persistence & Privilege
ok: The skill is not always-enabled and does not request elevated or persistent privileges. It is user-invocable and does not modify other skills or system-wide settings per the provided files.