ClawHub

Genome Report

v1.0.0

Analyze 23andMe raw genome data to generate comprehensive health, trait, and family comparison reports. Supports cardiovascular, cognitive, metabolic, pharma...

0· 42·0 current·0 all-time
by@nomadrex
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description align with provided artifacts: a Python script that parses 23andMe v5 raw files and a local SNP database (references/snp_database.json) are present and sufficient for the stated functionality. The skill does not request unrelated binaries, cloud credentials, or external services.
Instruction Scope
SKILL.md instructs running the included Python script and editing the local SNP JSON for updates — this stays within the scope of local genotype analysis. The script reads local genome .txt files, produces text/json/html output, and can scan a directory for family comparisons (glob("*.txt")). It does not appear to make network calls or access external endpoints. Caveat: SKILL.md triggered a unicode-control-chars prompt-injection signal which may be an attempt to manipulate LLM behavior; inspect the full SKILL.md for hidden/control characters before trusting automated agents.
Install Mechanism
No install spec; skill is instruction-only with bundled Python script and data. No downloads, package installs, or archive extraction are declared.
Credentials
The skill requires no environment variables, credentials, or config paths. That is proportionate to its local file-processing purpose.
Persistence & Privilege
Skill does not request always: true and does not modify other skills or system-wide settings. It runs as-invoked and writes report files to local paths (output_path), which is expected behavior.
Scan Findings in Context
[unicode-control-chars] unexpected: The scanner found unicode control characters in SKILL.md. These characters are not necessary for a README/instruction file and can be used to manipulate LLM prompt parsing or hide content. Treat as suspicious: open SKILL.md in a hex-aware editor and remove or inspect any non-printable characters before running in an automated agent.
Assessment
This skill appears internally consistent for local analysis of 23andMe raw files: it parses .txt files, compares genotypes to a bundled SNP database, and writes reports. Before installing or running it, do the following: (1) Inspect the full SKILL.md and the entire genome_report.py for hidden/control characters, network calls (urllib/requests), subprocess exec, or obfuscated code — the pre-scan flagged unicode control chars which can hide prompts. (2) Because genomic data is highly sensitive, run this code locally in a sandbox or isolated VM and do not upload genome files to unknown services. (3) Review references/snp_database.json for accuracy and provenance — the interpretation text can be edited and is not medical advice. (4) If you plan to let an autonomous agent invoke the skill, consider disabling autonomous invocation or restricting the agent's access to genome files; otherwise an agent could process private files without explicit user consent. (5) If you need stronger assurance, ask the publisher for source provenance, a signed release, or run static analysis and a full audit of the script (the provided snippet was truncated in the manifest output; verify the full file).

Like a lobster shell, security has layers — review code before you run it.

latestvk9792qg84whk6rge1j4qqdh1dd841bjt

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments