Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Primer Design Check

v1.0.0

Check primers for dimers, hairpins, and off-target amplification

by AIpoch @aipoch-ai
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal: Benign
OpenClaw: Suspicious (medium confidence)
Purpose & Capability
Name/description promise: dimer, hairpin, and off-target amplification. The included Python implements Tm/GC%, a simple hairpin and self-dimer heuristic, and prints results — but there is no off-target BLAST, no template-based off-target scanning, and no network or BLAST invocation in the code. The SKILL.md claims off-target BLAST results (and lists 'template' as a parameter) which the code does not implement; this is a clear mismatch between claimed capability and actual implementation.
Instruction Scope
SKILL.md parameters and returns suggest more functionality than exists (template input, BLAST). The runtime instructions and code operate locally and only read command-line arguments / print output. The SKILL.md also references file reads/writes and workspace outputs in the Risk Assessment, but the code only prints to stdout; those statements are misleading. The SKILL.md's security checklist and sandbox recommendations are generic and not enforced by the code. Also note minor missing input validation in code (e.g., empty sequence can cause division by zero when computing GC%).
Install Mechanism
No install spec; instruction-only skill with an included Python script. No external downloads, package installs, or unusual install behavior are present.
Credentials
No environment variables, credentials, or config paths requested — proportionate to the implemented local checks.
Persistence & Privilege
Skill does not request persistent or elevated privileges; always:false and no modifications to other skills or system configurations are indicated.
What to consider before installing
This skill is inconsistent: the documentation promises off-target BLAST and template-based analysis but the provided script only does simple local checks (Tm, GC%, naive hairpin/dimer heuristics). If you need off-target analysis you should not rely on this skill as-is. Before installing or using it: (1) review and test the script on non-sensitive example sequences; (2) don't assume it performs BLAST or template scanning — ask the author or implement proper BLAST integration (local BLAST+ or NCBI services) if needed; (3) run it in a sandboxed environment and validate edge cases (empty sequences, non-ATGC characters); (4) consider established tools (Primer3, Primer-BLAST) for production or experimental use; and (5) request fixes for the documentation-code mismatch and for basic input validation (avoid divide-by-zero and sanitize inputs) before trusting outputs for lab work.
