Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

PharmGx Reporter

v0.2.0

Pharmacogenomic report from DTC genetic data (23andMe/AncestryDNA)

0· 406·7 current·9 all-time
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal: Suspicious
OpenClaw: Benign, high confidence
Purpose & Capability
Name/description (PharmGx Reporter) match the included Python implementation and tests: the script parses 23andMe/Ancestry files, calls star alleles and phenotypes, and generates a markdown report. Minor metadata inconsistency: registry header lists no homepage/source while SKILL.md metadata references a ClawBio GitHub homepage — this is a bookkeeping mismatch but does not affect functionality.
Instruction Scope
SKILL.md and usage instruct running the local Python script with an input genotype file and output path. The instructions and included tests operate only on local files (demo_patient.txt) and the code's visible portions implement SNP/gene rule logic; there are no instructions to read unrelated system files, environment secrets, or to exfiltrate data.
Install Mechanism
No install spec is provided (instruction-only), which is low-risk. The skill nonetheless includes Python source and tests — expected for an instruction-driven script. There are no remote download URLs or package installs in the provided manifest.
Credentials
The skill declares no required environment variables, no credentials, and no config paths. The code and SKILL.md do not reference external API keys or tokens in the visible content.
Persistence & Privilege
Flags show always:false and default model invocation settings. The skill does not request persistent or elevated platform privileges and does not modify other skills or system-wide config in the provided files.
Assessment
This package appears internally consistent and runs locally on a genotype text file to produce a research/educational PGx report. Before using: (1) do not treat output as clinical advice—follow the included disclaimer; (2) inspect pharmgx_reporter.py for any network calls or logging you don't want (the provided snippets show none, but review the whole file); (3) run the included tests in an isolated environment to confirm behavior; (4) avoid uploading real patient-identifiable data to untrusted systems—operate on de-identified files or in a secure local environment; (5) if you plan to use it in a clinical context, consult qualified clinical genetics/pharmacology resources and validate against authoritative CPIC guidelines.

Like a lobster shell, security has layers — review code before you run it.
