Skill v1.0.0

ClawScan security

strain identification · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Suspicious (Mar 13, 2026, 2:11 AM)
Verdict: suspicious
Confidence: medium
Model: gpt-5-mini
Summary
The skill's high-level description matches the files, but the implementation does not actually retrieve real BLAST results (it returns a hard-coded placeholder), so the claimed capability is inconsistent with the code; otherwise there are no obvious credential or persistence abuses.
Guidance
This skill mostly matches its advertised purpose (parsing local FASTA files, producing a Word report and structured table data), but the BLAST step is implemented incorrectly: run_blast posts to NCBI but returns a hard-coded result rather than retrieving and parsing the actual BLAST output. Before using it for real diagnostics or reporting, review and test the code: update run_blast to poll for and fetch the RID results from NCBI and parse real matches, or verify results externally. Also note that using this skill sends sequence data to NCBI (an external service); do not use it with sensitive or patient-identifiable sequences unless you have approval. Finally, confirm you are comfortable with pip-installing the declared dependencies from PyPI.

Review Dimensions

Purpose & Capability: concern
Name/description promise: parse sequencing files → run NCBI BLAST → produce DingTalk data and Word report. The code parses FASTA/SEQ and posts a BLAST 'Put' request to NCBI, which superficially matches the description, but run_blast returns a hard-coded result (fake strain/similarity/accession) instead of fetching and parsing actual BLAST results. This is a capability mismatch: it claims to perform full online BLAST alignment, but the implementation does not deliver real alignment output.
Instruction Scope: note
SKILL.md instructs using local file_path and report_template and calling NCBI online BLAST. The code follows that scope (reads the provided file and template and generates a Word report and structured DingTalk data). It does make an outbound HTTP POST to blast.ncbi.nlm.nih.gov and reads only the provided input files; it does not access other system files or environment variables. However, the run_blast workflow is incomplete (it posts but does not wait for or fetch results), which is a functional issue rather than an explicit privacy leak.
Install Mechanism: ok
There is no install spec in the manifest (instruction-only style), but requirements.txt lists common Python packages (biopython, python-docx, requests). This is typical for a Python skill and implies pip installation of those deps; no unusual remote installers or archive downloads are present.
Credentials: ok
The skill requests no environment variables, no credentials, and no config paths. It generates DingTalk-format data but does not attempt to post to DingTalk or require a DingTalk token. The only external network access is to blast.ncbi.nlm.nih.gov (NCBI).
Persistence & Privilege: ok
The skill is user-invocable and not marked always:true. It does not modify other skills or system settings and does not request persistent elevated privileges.