Bioinfo Daily
PassAudited by ClawScan on May 1, 2026.
Overview
The skill appears aligned with generating PubMed-based bioinformatics daily reports, with expected external API use, optional scheduled delivery, and credential handling that users should configure carefully.
This looks reasonable for its stated purpose. Before installing, confirm you trust the source, configure only the NCBI credentials it needs, keep any `.env` file private and simple, and enable the cron/Feishu workflow only if you want daily scheduled activity.
Findings (4)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
You need to provide a PubMed/NCBI API key and email; these credentials are used for the intended PubMed search workflow.
The script sends the configured NCBI email and API key to PubMed E-utilities as part of expected API requests.
"email": NCBI_EMAIL,
"api_key": NCBI_API_KEY,Use a dedicated NCBI API key, avoid storing unrelated secrets in the skill directory, and rotate the key if it is exposed.
Search terms may leave your environment and be processed by the configured web-search provider.
The documentation discloses that the fallback search script sends search queries to an external configured search provider.
`search_bioinfo.py`: 调用 OpenClaw 的 `web_search` 工具(会发送到配置的搜索提供商)
Do not include private patient, unpublished, or confidential research data in custom search topics unless the configured provider is approved for that data.
If enabled, the task may continue sending daily report prompts or output until you remove it.
The README provides an optional scheduled task that persists and posts to a Feishu channel.
openclaw cron add \ --name "生物信息学日报" \ --cron "0 19 * * *" \ --tz "Asia/Shanghai" \ --channel feishu
Only add the cron job if you want ongoing scheduled activity, and use `openclaw cron list` or the relevant removal command to manage it.
A tampered or unsafe `.env` file could run commands when this wrapper script is executed.
The shell wrapper loads `.env` with `source`, which can execute shell syntax if that local file contains more than simple key-value assignments.
if [ -f "$SKILL_DIR/.env" ]; then
source "$SKILL_DIR/.env"
fiKeep `.env` trusted and limited to simple NCBI_EMAIL/NCBI_API_KEY assignments; prefer a safer env parser or file permissions that prevent unauthorized edits.