Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Fastqc Report Interpreter

v0.1.0

Use when analyzing FASTQC quality reports from sequencing data, identifying quality issues in NGS datasets, or troubleshooting sequencing problems. Interpret...

by AIpoch (@aipoch-ai)
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal: Benign
OpenClaw: Suspicious (high confidence)
!
Purpose & Capability
The SKILL.md describes parsing FastQC HTML and fastqc_data.txt, batch analysis, and an API (parse_metrics, analyze, analyze_batch) appropriate for FastQC outputs. The included code (scripts/main.py) implements a FastQCInterpreter that operates on a JSON dict (loaded via --report) and provides methods named interpret_report/interpret_module/print_report. It does not parse HTML or fastqc_data.txt, nor does it implement the batch CLI options or file formats documented. This mismatch means the skill as packaged cannot perform the documented end-to-end task without additional conversion or missing files.
!
Instruction Scope
SKILL.md instructs importing from scripts.fastqc_interpreter and using scripts/fastqc_interpreter.py CLI flags (e.g., --input sample_fastqc.html, --batch "*fastqc.html" --output report.pdf), references files like fastqc_data.txt and a troubleshooting file references/troubleshooting.md. The actual script is scripts/main.py and its CLI expects --report (JSON). The instructions reference endpoints/functions not present and file paths not included. This is misleading and could cause users or an agent to run nonexistent commands or mis-handle file formats.
Install Mechanism
No install spec and no external downloads — instruction-only plus a small Python script. This is low-risk from an install perspective because nothing is fetched or installed automatically.
Credentials
No required environment variables, credentials, or config paths are declared or used. The code does not access environment variables or network resources. Credential/access requests are proportionate (none).
Persistence & Privilege
always is false and the skill does not request elevated or persistent privileges. It does not modify other skills or system settings.
What to consider before installing
Do not assume the skill will work as documented. The documentation (SKILL.md) and examples refer to modules, filenames, and CLI options that are missing or different from the included script: SKILL.md imports scripts.fastqc_interpreter and shows HTML/text parsing and batch features, but the shipped script is scripts/main.py which expects a JSON report via --report and only provides interpret_report/print_report. Before installing or granting this skill autonomous access, ask the author to: 1) provide the missing parser(s) for FastQC HTML/fastqc_data.txt or clearly document that input must be pre-converted to JSON; 2) correct the import/module and CLI examples in SKILL.md to match the actual entrypoint; and 3) include any referenced files (e.g., references/troubleshooting.md) if needed. If you still want to test it, run the script in a sandbox with non-sensitive demo JSON to confirm behavior. The current inconsistencies are likely a packaging/documentation error but make the skill unreliable and could confuse automated agents into trying nonexistent commands.

Like a lobster shell, security has layers — review code before you run it.

latestvk972z7rpcq536hnktj9sbww8r9839s34
