Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
NutriGx Advisor
v0.2.0
Generates a personalized nutrition report from consumer genetic data analyzing key SNPs to provide actionable dietary and supplementation guidance.
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
medium confidence
Purpose & Capability
Name/description (personalised nutrition from consumer genetic data) align with the included code: parsing 23andMe/Ancestry/VCF, extracting SNPs from a curated panel, scoring variants, and producing a markdown report and figures. No unrelated cloud credentials, binaries, or system-level access are requested.
Instruction Scope
SKILL.md and the scripts are narrowly scoped to parsing local genotype files, scoring a fixed SNP panel, and generating reports. They operate on user-supplied genetic files (sensitive data) and create a reproducibility bundle that writes hashes and provenance (including the input filename) into the output directory. There are no instructions or code that transmit data to external endpoints.
Install Mechanism
There is no platform install spec (instruction-only at registry level) and all behavior is implemented in the bundled Python files. The reproducibility environment.yml includes a pip dependency 'clawbio==0.1.0' which, if a user follows the reproducibility steps, would install code from PyPI (or the configured pip index). Installing arbitrary pip packages is the only non-local dependency risk here and should be reviewed before use.
Credentials
The skill declares no required environment variables or credentials and the code does not access hidden config paths. All access is to files the user provides (input genotype files, local data/snp_panel.json). No secrets or unrelated environment access is requested.
Persistence & Privilege
Skill flags are default (always: false, user-invocable: true). It does not request permanent platform presence nor modify other skills or global agent settings. Files written are limited to the specified output directory (report, figures, checksums, provenance).
Assessment
This skill appears to do what it says: local parsing of consumer genotype files and generation of a nutrition report. Before installing or running it, consider the following:
- Sensitive data: the tool processes personal genetic files. Run it only on data you control, on a machine you trust to handle it; do not upload those files to third parties unless you explicitly consent.
- Provenance & outputs: the reproducibility bundle writes checksums and a provenance.json that includes the input filename into the output directory. If filenames are sensitive, either rename or remove them before sharing outputs.
- External dependency: environment.yml includes a pip package (clawbio==0.1.0). If you recreate the conda/pip environment, review that package's source and trustworthiness before installing it. Running the included scripts without creating the conda env will use only the bundled code, but you still need the listed Python libraries installed locally.
- Isolation: run the skill in an isolated environment (virtualenv / dedicated VM / container) if you have privacy or supply-chain concerns.
- Source verification: registry metadata shows 'Source: unknown' and no homepage. If you require provenance, ask the publisher for a source repo or digital signatures before relying on this for clinical decisions.
If you only need a quick, local test, use the provided synthetic patient file and review outputs before processing real genetic data.
Like a lobster shell, security has layers — review code before you run it.
