ClawBio Orchestrator

Pass

Audited by ClawScan on May 1, 2026.

Overview

This skill appears benign: it transparently routes bioinformatics requests to other skills, installs normal bio/data packages, and writes local reproducibility logs and reports.

Before installing, be comfortable that this skill may inspect bioinformatics files you choose, route work to named sub-skills, install biopython and pandas, and write local reports/logs/checksums. Review multi-step plans and keep generated reports or logs private when working with sensitive genomic or biomedical data.

Findings (3)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

A misrouted or overly broad approved workflow could send data or results through more sub-skills than the user expected.

Why it was flagged

This shows the skill is designed to chain and route work through other skills. That is disclosed and central to the stated orchestrator purpose, but users should understand that inputs and intermediate outputs may move across multiple analysis steps.

Skill content

Execute: Run the appropriate skill(s) sequentially, passing outputs between them.

Recommendation

Review the proposed analysis plan before multi-step runs and use only sub-skills you trust for sensitive bioinformatics data.

What this means

Installation depends on the package sources resolved by uv at install time.

Why it was flagged

The skill installs third-party Python packages. These packages are expected for bioinformatics/data handling, and no install script is shown, but the versions are not pinned.

Skill content

[0] uv | package: biopython; [1] uv | package: pandas

Recommendation

For stricter reproducibility, install in an isolated environment and consider pinning or locking dependency versions.

What this means

Generated reports and logs may expose sensitive filenames, workflow details, checksums, or analysis results if shared or synced unintentionally.

Why it was flagged

The skill intentionally creates persistent local records of analyses, input file names/checksums, commands, and actions. For genomic or biomedical work, those records can reveal sensitive project details even if raw data is not uploaded.

Skill content

Generate structured markdown reports ... Input files: [list with checksums] ... Audit log: Append every action to `analysis_log.md` in the working directory.

Recommendation

Store outputs in a controlled directory, review reports/logs before sharing, and avoid placing sensitive runs in auto-synced public locations.