Peptide Design
PassAudited by ClawScan on May 10, 2026.
Overview
The skill is coherent for SciMiner peptide design workflows, but users should notice that it uses a SciMiner API key, uploads selected scientific files to SciMiner, and suggests adding persistent agent instructions.
This appears safe to use for its stated SciMiner peptide-design purpose if you are comfortable sending selected structure files to SciMiner and storing a SciMiner API key locally. Keep the API key file private, add any persistent instruction only to the relevant project, and review SciMiner's data-handling policy before uploading sensitive research data.
Findings (4)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Anyone using the skill must protect the SciMiner API key because it can authorize requests to the user's SciMiner account.
The skill requires a SciMiner API key stored locally and later used for authenticated API calls. This is expected for a SciMiner integration, but it is still credential handling.
Store the required credential in a persistent user-level config file ... printf '{"api_key":"your_api_key_here"}\n' > ~/.config/sciminer/credentials.jsonUse a dedicated SciMiner API key if possible, keep the file permissions restricted as shown, and rotate the key if it is exposed.
Protein, ligand, peptide, or structure files chosen for a task may be sent to SciMiner for processing.
The invocation pattern uploads local input files to SciMiner before invoking the workflow. This is consistent with docking/design tasks, but users should know selected files leave the local machine.
def upload_file(path: str) -> str:
"""Upload a local file and return the SciMiner file_id."""
with open(path, "rb") as fh:
resp = requests.post(
f"{BASE_URL}/v1/internal/tools/file"Upload only files intended for SciMiner processing, and avoid sending confidential structures unless SciMiner's terms and data handling are acceptable.
Future agent sessions may remember to read the SciMiner credential path, which is useful but should not be added to broad/global memory unnecessarily.
The skill suggests creating persistent instructions that future agents may follow. The content is limited to the SciMiner credential path and secrecy guidance, but persistence across tasks is notable.
For persistent agent behavior across tasks, add an instruction to the relevant agent memory or project instruction file such as `CLAUDE.md`, `AGENTS.md`, or the Codex/OpenClaw equivalent
If adding this instruction, scope it to the relevant project and store only the credential path, not the API key value.
Users have less external context for who maintains the skill or where to verify updates.
The skill has limited provenance metadata. No malicious behavior is shown, and the static scan is clean, but the origin is not independently described.
Source: unknown Homepage: none
Prefer installing from trusted publishers or verify the included SKILL.md and registry file before relying on the workflow.