ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Cnv Caller Plotter

v0.1.0

Detect copy number variations from whole genome sequencing data and generate publication-quality genome-wide CNV plots. Supports CNV calling, segmentation, a...

0· 100·0 current·0 all-time
byAIpoch@aipoch-ai
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Suspicious
medium confidence
!
Purpose & Capability
The name and SKILL.md describe full CNV detection, segmentation, and publication-quality plotting. However, the included scripts/main.py is a tiny, self-contained placeholder: call_cnvs() returns two hard-coded example calls, plotting is a stub that just prints a path, and there is no use of genomics libraries or any real processing of BAM/VCF/FASTA files. The declared capabilities exceed the actual implemented capabilities.
Instruction Scope
SKILL.md instructs the agent to process BAM/VCF and reference FASTA files and to integrate with upstream/downstream skills; those instructions are reasonable for a CNV tool and do not request unrelated system secrets or network endpoints. However, the instructions assume functionality that the code does not provide, which could mislead users or agents into thinking full analysis will be performed.
Install Mechanism
No install spec (instruction-only plus a small local script). This lowers risk since nothing is downloaded or written to disk beyond the included files; no external URLs or package installs are requested.
Credentials
The skill requests no environment variables, no credentials, and no config paths. That is proportionate to the actual (stub) code and acceptable for an offline genomics utility. Be aware the tool will read user-supplied genomic files on disk when invoked.
Persistence & Privilege
always is false, the skill is user-invocable and not forced into every agent run. The skill does not attempt to modify other skills or system-wide config.
What to consider before installing
This skill appears to be an overpromised prototype: the documentation describes full CNV calling and plotting but the included Python implements only placeholder behavior (returns two example CNVs and stubs plotting). Before installing or using it: 1) Do not assume it performs real CNV analysis—review and test the code on known datasets. 2) If you need production-grade CNV calling, prefer well-known, validated tools (CNVkit, Control-FREEC, Canvas, etc.) or require the author to add proper implementations and dependency declarations. 3) Because the skill will read local BAM/VCF and FASTA files and write outputs, ensure you run it in a secure environment and avoid exposing sensitive clinical/genomic data until the code is audited. 4) If you plan to use this skill as part of automated workflows, ask the maintainer for a proper implementation, dependency list (pysam, numpy, matplotlib, segmentation libraries), tests, and example datasets. 5) If you want, request clarification from the author about whether the current package is intentionally a demo/prototype and when a full implementation will be provided.

Like a lobster shell, security has layers — review code before you run it.

latestvk979g4jzvhhmbfqgefes55gged83586d

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments