Skillv0.1.0

ClawScan security

Two Sample Mr Research Planner · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

BenignMar 13, 2026, 9:34 AM

Verdict: Benign
Confidence: high
Model: gpt-5-mini
Summary: This is an instruction-only Mendelian randomization study planner whose inputs, references, and runtime instructions are coherent with its stated purpose and do not request unrelated credentials, installs, or privileged access.
Guidance: This skill is an instruction-only MR study planner and appears internally consistent. Before relying on outputs: (1) verify any specific dataset availability/dates and citations the planner cites (LLMs can hallucinate details); (2) do not paste unpublished or participant-level genetic/clinical data into the chat — the skill assumes summary-statistic-level planning only; (3) have an MR/statistics expert review final analysis plans and code before execution or publication; (4) if you plan to attach this skill to an agent that can fetch external GWAS files, review that agent's data-access behavior and ensure it uses authorized APIs and protects any sensitive tokens. Overall the skill is coherent for its stated purpose, but standard domain validation and data-handling care are still required.

Purpose & Capability: okThe name/description (two-sample MR research planner) matches the content: stepwise study designs, instrument benchmarks, GWAS source recommendations, and deliverables. Required binaries/env/configs are none, which is appropriate for a prose planning tool.
Instruction Scope: okSKILL.md and the two reference files contain prescriptive guidance for designing MR studies (data selection, instrument thresholds, sensitivity analyses, figure plans). Instructions remain within the domain of study design and reporting; they reference external GWAS resources but do not tell the agent to read unrelated system files, access credentials, or transmit data to hidden endpoints.
Install Mechanism: okNo install spec and no code files — the skill is instruction-only, which minimizes on-disk risk. There are no downloads, third-party packages, or binaries requested.
Credentials: okThe skill declares no required environment variables, credentials, or config paths. The references point to public GWAS portals and literature; no disproportionate secret access is requested.
Persistence & Privilege: okThe skill does not request persistent or elevated privileges (always:false). It does not attempt to modify other skills or system settings; autonomous invocation is platform-default but this skill's content does not increase that risk.