ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Ihc If Optimizer

v1.0.0

Optimize IHC/IF protocols for specific tissues and antigens

0· 45·0 current·0 all-time
byAIpoch@aipoch-ai
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Suspicious
high confidence
Purpose & Capability
The Python script implements a protocol recommender for tissues and antigen locations and therefore aligns with the skill name and description. However, the SKILL.md advertises additional CLI options and parameter names (e.g., --tissue-type, --antigen, --detection-method, --output, --format) that are not implemented in scripts/main.py, indicating documentation and capability drift.
!
Instruction Scope
SKILL.md instructs usage with parameter names and output options that differ from the script. The script actually expects --tissue / -t, --antigen-location / -a (with specific choice values), --difficulty / -d, and supports --list-tissues. The SKILL.md's suggested output file/format behavior is not implemented. This mismatch could cause an agent or user to invoke non-existent flags or expect file-writing/network behavior that doesn't exist.
Install Mechanism
No install specification or external downloads are present; the skill is instruction-plus-bundled-script only. The script uses only the standard argparse module and requires no external packages or network installers.
Credentials
No environment variables, credentials, or config paths are requested. The script does not access environment variables or external services.
Persistence & Privilege
The skill does not request always:true and is user-invocable by default. It does not modify other skills or system-wide configuration and requests no elevated persistence.
What to consider before installing
This skill's code appears to do what it claims (generate protocol recommendations) and does not request credentials or network access, but the SKILL.md and the included script disagree about how to call the tool and what features it supports. Before installing or running it: 1) Verify and reconcile CLI parameter names (update SKILL.md to match --tissue, --antigen-location, --difficulty, or modify the script to implement the documented flags). 2) Test the script locally in a safe sandbox to confirm behavior (it currently prints to stdout and does not write files). 3) Don't feed patient-identifiable or sensitive sample metadata into the tool without appropriate handling — the skill does not claim any data protections. 4) Because the package is marked Draft and the docs are inconsistent, prefer manual review and unit tests (including invalid-flag handling) before enabling autonomous invocation in agents.

Like a lobster shell, security has layers — review code before you run it.

latestvk97dm5s1s44c53zgvd40vg95hd83jdnb

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments