Back to skill
Skillv1.0.1
ClawScan security
ADMET PK/PD Predict · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
BenignApr 18, 2026, 3:25 PM
- Verdict
- benign
- Confidence
- high
- Model
- gpt-5-mini
- Summary
- The skill's requests, instructions, and small helper code align with its stated purpose of calling SciMiner's ADMET prediction APIs and only require the SciMiner API key; nothing in the package appears disproportionate or unrelated.
- Guidance
- This skill appears to do what it claims: call SciMiner's ADMET prediction APIs. Before installing, confirm you trust sciminer.tech (privacy, data retention, and account security) because the skill will send molecule structures and uploaded files to that service. Protect your SCIMINER_API_KEY like any API credential — it grants access to your SciMiner account. If you need to keep structures private, do not use an external API or check SciMiner's privacy/terms first. If you want additional assurance, review SciMiner's documentation or test with non-sensitive example molecules before sending proprietary data.
Review Dimensions
- Purpose & Capability
- okThe name/description match the included registry and SKILL.md: the skill invokes SciMiner internal prediction endpoints for ADMET, pKa, solvation energy, descriptors, etc. The single required environment variable (SCIMINER_API_KEY) is the expected credential for accessing SciMiner's API.
- Instruction Scope
- noteRuntime instructions are focused on calling SciMiner endpoints, polling for results, and uploading input files via the stated API paths. Important operational guidance (e.g., always use SciMiner's BASE_URL, send X-Auth-Token) is explicit. Note: using the skill will transmit SMILES and any uploaded files to sciminer.tech and instructs the agent to include the returned share_url in user-facing summaries — users should be aware that chemical structures and associated data will leave the local environment.
- Install Mechanism
- okNo install spec (instruction-only with two small Python helper files). No downloads, installers, or archive extraction are present.
- Credentials
- okOnly one required env var (SCIMINER_API_KEY) is declared and used as the primary credential; that is proportionate to a skill that calls an external API. The SKILL.md shows the API key is sent in X-Auth-Token header; no unrelated secrets or additional credentials are requested.
- Persistence & Privilege
- okalways is false, the skill does not request forced/system-wide persistence or modification of other skills, and contains no instructions to alter agent/system configuration.