v1.0.4

SMILES-to-Docking Virtual Screening

Review

ClawScan verdict for this skill. Analyzed May 1, 2026, 2:10 PM.

Analysis

The docking workflow is purpose-matched, but crafted ligand or path names could write outside the intended output folder or influence shell commands.

Guidance

Review this skill before installing. If you use it, run it in a dedicated environment, keep ligand and protein filenames simple and trusted, avoid processing untrusted ligand lists, and prefer a patched version that removes shell=True usage and constrains all output paths.

Findings (3)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

Abnormal behavior control

Checks for instructions or behavior that redirect the agent, misuse tools, execute unexpected code, cascade across systems, exploit user trust, or continue outside the intended task.

Tool Misuse and Exploitation
Severity: Medium. Confidence: High. Status: Concern.
scripts/smiles_to_sdf.py
name = parts[1].strip() if len(parts) > 1 else f"lig_{lineno:04d}"
sdf_path = ligands_dir / f"{name}.sdf"
with SDWriter(str(sdf_path)) as w:

Ligand names come directly from the SMILES input file and are used to construct output paths. Names containing path traversal segments or absolute paths could write outside the intended ligands directory.

User impact: A crafted ligand list could create or overwrite files outside the expected output folder using the user's local permissions.

Recommendation: Sanitize ligand names to safe basenames, reject path separators and absolute paths, and verify resolved output paths remain under the intended output directory before writing.
Unexpected Code Execution
Severity: High. Confidence: High. Status: Concern.
scripts/prepare_ligand.py
cmd = f'obabel "{sdf_path}" -O "{out_pdbqt}" --partialcharge gasteiger -h'
result = subprocess.run(cmd, shell=True, capture_output=True)

SDF filenames from the input directory are interpolated into a shell command and executed with shell=True. Filenames containing quotes or shell metacharacters can alter the command.

User impact: Processing a maliciously named ligand file could run unintended shell commands as the local user.

Recommendation: Use subprocess.run with an argument list and shell=False, sanitize filenames, and audit the other Open Babel subprocess calls for the same pattern.
Agentic Supply Chain Vulnerabilities
Severity: Low. Confidence: High. Status: Note.
SKILL.md
pip install "numpy<2"
pip install rdkit-pypi meeko biopython
conda install -c conda-forge openbabel autodock-vina

The skill depends on external packages and binaries, which is expected for this workflow, but versions and provenance are mostly not pinned and the registry metadata does not formally declare these requirements.

User impact: Installation behavior may vary by package-channel state, and users must manually trust the referenced package sources.

Recommendation: Use a pinned environment file or lockfile, declare required binaries in metadata, and install only from trusted package channels.