Back to skill
Skillv1.0.4
VirusTotal security
SMILES-to-Docking Virtual Screening · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
ReviewMay 1, 2026, 2:51 PM
- Hash
- aed5f71dc9c8f66ce717937fe41a23d7a17507a00d9852db820fd0604224bd34
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: smiles-to-docking Version: 1.0.4 The skill bundle implements a legitimate molecular docking workflow using AutoDock Vina. It is classified as suspicious due to multiple shell injection vulnerabilities in scripts/prepare_ligand.py, scripts/prepare_protein.py, and scripts/rank_results.py, where subprocess.run is called with shell=True using f-strings for command construction. While the logic appears aligned with its stated scientific purpose and no evidence of intentional malice (such as data exfiltration or backdoors) was found, the lack of input sanitization on file paths poses a security risk if filenames are maliciously crafted.
- External report
- View on VirusTotal