OpenBio
PassAudited by VirusTotal on May 12, 2026.
Overview
Type: OpenClaw Skill Name: openbio Version: 1.0.6 The skill bundle is classified as suspicious due to its broad file system access capabilities and the use of the `--agent '*'` flag during reinstallation, which grants extensive permissions to the OpenClaw agent. Specifically, the `edit_plasmid` tool documented in `rules/plasmid.md` allows reading and writing arbitrary local files (GenBank, SnapGene) and performing powerful modifications (insert, delete, replace sequence, manage annotations). While these capabilities are necessary for the skill's stated purpose of bioinformatics and plasmid editing, they represent significant attack surfaces if the AI agent were to be compromised or tricked via prompt injection into operating on sensitive or critical files outside the intended scope. No explicit malicious intent, data exfiltration to unauthorized domains, or persistence mechanisms were found within the skill's instructions or code.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If followed automatically, the agent could change the installed OpenBio skill for all agents on the system without giving the user a chance to review the new source or version.
The fallback update path removes and reinstalls the skill globally for all agents with auto-confirmation. That is a persistent, high-impact install action and is not clearly gated on explicit user approval.
If that fails, remove and re-install: bunx skills remove openbio --global -y bunx skills add openbio-ai/skills --skill openbio --global --agent '*' -y
Require explicit user approval before any update or reinstall, avoid --agent '*' and -y by default, and pin or clearly verify the source/version before changing installed skills.
The agent will be able to use the user’s OpenBio API access for tool calls, job submission, and job/result retrieval.
The skill needs a delegated OpenBio API key to invoke authenticated provider tools. This is expected for the integration, but the registry metadata declares no required env vars or primary credential.
**Required**: `OPENBIO_API_KEY` environment variable.
Use a revocable OpenBio API key, store it securely, and confirm which actions may consume quota or access prior job data.
Biological structures, sequences, designs, or other uploaded files may leave the local environment and be processed by OpenBio.
The skill documents uploading selected local biological files to the external OpenBio API. This is purpose-aligned, but it is still a provider data-transfer boundary users should notice.
Some tools accept files: curl -X POST "https://api.openbio.tech/api/v1/tools" ... -F "pdb_file=@/path/to/structure.pdb" **Max file size**: 50MB
Only upload files the user has selected and is allowed to share with OpenBio, especially for proprietary, unpublished, regulated, or patient-related data.
The agent may invoke OpenBio tools, including long-running computational jobs, under the user’s API key.
The skill exposes a generic provider endpoint that can invoke many OpenBio tools by name and parameters. This is central to the skill’s purpose and the docs instruct schema checking, but it can still submit jobs and consume provider resources.
Invoke a Tool
curl -X POST "https://api.openbio.tech/api/v1/tools" ... -F "tool_name=search_pubmed" ... -F 'params={"query": "CRISPR gene editing", "max_results": 5}'Have the agent confirm expensive, long-running, or quota-consuming jobs before submission and continue using the documented schema/validation checks.