ClawBio Orchestrator

This orchestrator mostly does what it says, but review a few things before installing: - Source and provenance: the registry metadata points to a homepage but 'Source' is unknown; verify the GitHub repo and integrity of the package before trusting it. - Safety promises vs implementation: SKILL.md promises to refuse paths outside the working directory and to never upload genomic data without explicit consent, but the shipped orchestrator.py does not enforce those restrictions. Assume the code will read any file path you pass and will write logs/reports to the specified output directory unless you sandbox it. - Install mechanism: the install uses 'uv' to add biopython and pandas. Clarify what 'uv' means in your environment (pip/conda/wrapper?) and whether these packages are actually needed — unnecessary installs increase attack surface. - File handling: the tool computes SHA-256 checksums by reading files end-to-end, which can read large/genomic files into the runtime; be cautious about giving it sensitive patient/genomic data without explicit consent and isolation. - Sub-skill trust: the orchestrator lists and routes to many sub-skills (vcf-annotator, seq-wrangler, etc.). Those sub-skill directories and their SKILL.md/code determine the real behavior for operations like annotation or uploading — review each sub-skill before allowing automated runs. - Recommended mitigations: run inside an isolated environment or container, avoid passing sensitive files until you've audited sub-skills, and ask the maintainer to (a) implement enforced path checks and explicit upload confirmation in code, and (b) clarify the install mechanism and necessity of listed packages.