ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Multi-Omics Integration Strategist

v1.0.0

Design multi-omics integration strategies for transcriptomics, proteomics, and metabolomics data analysis

0· 46·0 current·0 all-time
byAIpoch@aipoch-ai
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Suspicious
medium confidence
Purpose & Capability
The name and description (multi‑omics integration) match the included script, pathway config, and report templates. However the SKILL.md lists many higher‑level dependencies (gseapy, seaborn, matplotlib, plotly, complexheatmap, R tools, etc.) while requirements.txt is minimal and omits several libraries mentioned in the docs. SKILL.md references config/mapping.json and an examples/sample_data directory that are not present in the file manifest. These mismatches suggest sloppy packaging or missing files rather than malicious intent.
Instruction Scope
Runtime instructions ask the user to run scripts with input CSVs and to export results for visualization. The instructions do not tell the agent to read unrelated system files, environment variables, or to contact unknown external endpoints. All file reads are confined to user-provided omics CSVs and local config files.
Install Mechanism
There is no install spec (instruction-only skill) so nothing is automatically downloaded or executed on install. That is lower risk. However the package lacks a complete requirements list; SKILL.md mentions more packages than requirements.txt contains. The missing dependency declarations increase the chance users will manually install libraries from the internet, and the manifest's incomplete packaging is a reliability concern.
Credentials
The skill requests no environment variables, no credentials, and no privileged config paths. Nothing in SKILL.md or the code attempts to access cloud credentials or unrelated secrets.
Persistence & Privilege
The skill does not request persistent or elevated presence (always: false). It does not modify other skills or agent-wide settings. Autonomous invocation is allowed (platform default) but is not combined here with other red flags.
What to consider before installing
This skill appears to implement the advertised multi‑omics analysis, but treat it as prototype code rather than production software. Before running: (1) review scripts/main.py and templates yourself — there is at least one obvious bug (a variable name typo causing a NameError in the directional consistency function) and several functions are placeholders/simplified (ID mapping is naive). (2) Do not run on sensitive or production datasets until you verify behavior; run with small test CSVs in a sandbox. (3) Fix or complete missing pieces: SKILL.md references mapping.json and example data that aren't included, and lists plotting/enrichment packages not present in requirements.txt (e.g., gseapy, seaborn, matplotlib). (4) When installing deps, prefer pinned, audited packages and avoid blindly pip installing extra tooling. (5) If you lack the skills to audit Python code, ask a technical colleague to vet the script for correctness and for any unexpected network or I/O calls before use.

Like a lobster shell, security has layers — review code before you run it.

latestvk97b6z2h6q7tpewts6aw5fhdrn83phyn

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments