Dreamer

Dreamer 开发指南。Dreamer 是一个用于药物递送智能响应材料设计的量子原生AI智能体系统。代码库包括分子生成（MoE/稠密LLM）、量子/深度学习分类器、化学分析工具和情报监控。可以用于分子的从头设计、性质标注、筛选推荐，并输出可直接用于高层路演与决策的分析报告

MIT-0 · Free to use, modify, and redistribute. No attribution required.

⭐ 0 · 10 · 0 current installs · 0 all-time installs

by@z-kuki

MIT-0

Security Scan

VirusTotal

Benign

View report →

OpenClaw

Suspicious

medium confidence

ℹ

Purpose & Capability

Name/description (molecule generation, quantum/classical classifiers, visualization, web monitoring) align with the included modules (ddllms_v1, vis_classifier, chem_utils, web_monitor). The requested capabilities (Qiskit/Braket, RDKit, PyTorch) are coherent with the intended quantum/ML chemistry workflows. However, the codebase expects heavy preinstalled dependencies and model downloads (HuggingFace models), which is proportionate to the functionality but operationally heavy for a simple consumer install.

!

Instruction Scope

SKILL.md forces the agent to 'personally call and execute' many Python modules in a native sandbox and to always read knowledge_data/latest_research.txt before generation. It also instructs to output full error tracebacks to the user on failures. Mandatory native execution plus printing full tracebacks increases the chance of exposing local paths, debug information, or sensitive content. The requirement to check a local file and to run web scraping (web_monitor.py) are explained by the skill purpose but broaden the data sources the agent will access and produce.

ℹ

Install Mechanism

There is no install specification (instruction-only at registry level), which reduces supply-chain risk from installer scripts. However many modules call transformers.from_pretrained and will pull large model weights from external model hubs (HuggingFace). That is expected for an LLM-driven pipeline but still involves network downloads at runtime rather than a reviewed, pinned install step.

ℹ

Credentials

The skill declares no required environment variables or credentials, which is proportional. It does assume availability of GPU & heavy packages preinstalled in the sandbox (PyTorch 2.0+, Qiskit, AWS Braket, RDKit). That assumption is consistent with the purpose but means the skill expects privileged runtime capabilities (GPU, network) — acceptable for the domain but worth verifying before use. Also, the instruction to dump full tracebacks could reveal more local state than necessary.

✓

Persistence & Privilege

always:false and disable-model-invocation:false (normal). The skill does not request persistent system-wide privileges, nor does it declare writes to other skills' configs. It does instruct runtime writes/reads to local paths (e.g., saving .npy files, reading knowledge_data/latest_research.txt), which is consistent with its workflow.

What to consider before installing

What to consider before installing/using this skill: - The skill's components match its stated purpose (molecule generation, quantum/classical classifiers, visualization) but the codebase contains many coding errors and undefined names (indentation errors, undefined variables like BNUM/MAX_ENUM, broken returns, typos). Running it as-is is likely to produce crashes and lots of tracebacks. - SKILL.md requires the agent to execute the included Python scripts natively and to read knowledge_data/latest_research.txt before generation. That means the agent will run unreviewed code and read local files; don't expose proprietary or sensitive molecules or credentials to this environment until you validate behavior. - The skill will likely download large model weights from external hubs (transformers.from_pretrained). Verify network policies and provenance of referenced model names (e.g., laituan245/t5-v1_1-base-caption2smiles) before allowing downloads. - The skill's web_monitor component (not fully shown) performs web scraping and writes to local knowledge files — review that script to confirm which sites/endpoints it contacts and whether it transmits data externally. - The SKILL.md requires printing full error tracebacks to the user on failure; consider suppressing/cleaning tracebacks in production to avoid leaking local system information. Recommended actions: - Run the code in an isolated, restricted sandbox (no access to sensitive local files or credentials) and with network egress controlled. Test with dummy SMILES and empty knowledge_data. - Inspect web_monitor.py and any code that performs network I/O to confirm endpoints and data handling policies. - Fix / statically review the obvious Python bugs before running heavy jobs (or ask the maintainer for a clean release). If you cannot verify the author or provenance (no homepage, unknown owner), be conservative: do not use with private IP or regulatory-sensitive data until you can audit the code and runtime behavior.

✗

scripts/ddllms_v1/ddllms_generator_v1.py:49