ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

R Package Development — From Zero to CRAN & Bioconductor

v2.0.0

Build, check, and submit R packages to CRAN or Bioconductor. Use when creating a new R package from scratch, fixing R CMD check errors/warnings, preparing fo...

0· 104·0 current·0 all-time
by@cuiweig

Install

OpenClaw Prompt Flow

Install with OpenClaw

Best for remote or guided setup. Copy the exact prompt, then paste it into OpenClaw for cuiweig/r-package-dev.

Previewing Install & Setup.
Prompt PreviewInstall & Setup
Install the skill "R Package Development — From Zero to CRAN & Bioconductor" (cuiweig/r-package-dev) from ClawHub.
Skill page: https://clawhub.ai/cuiweig/r-package-dev
Keep the work scoped to this skill only.
After install, inspect the skill metadata and help me finish setup.
Use only the metadata you can verify from ClawHub; do not invent missing requirements.
Ask before making any broader environment changes.

Command Line

CLI Commands

Use the direct CLI path if you want to install manually and keep every step visible.

OpenClaw CLI

Bare skill slug

openclaw skills install r-package-dev

ClawHub CLI

Package manager switcher

npx clawhub@latest install r-package-dev
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Suspicious
medium confidence
!
Purpose & Capability
The name/description and the runtime instructions align: this is an instruction-only guide for building, testing, and submitting R packages to CRAN/Bioconductor and setting up CI. However, the SKILL.md directs uploads to an unexpected third-party URL (https://xmpalantir.wu.ac.at/cransubmit/) for CRAN submission. Official CRAN submissions normally use cran.r-project.org or the CRAN submission procedures; the provided URL does not match known official endpoints and is disproportionate to the stated purpose.
!
Instruction Scope
Most instructions stay on-topic (creating package skeleton, rcmdcheck, BiocCheck, GitHub Actions, S4 design). Concerning items: (1) telling users to upload tarball to https://xmpalantir.wu.ac.at/cransubmit/ and to follow a confirmation-email link — this could direct users to an untrusted endpoint; (2) recommending git filter-branch with forced push can rewrite repository history and is destructive if used incorrectly. The skill does not instruct arbitrary data collection, but the external submit endpoint and instructions that implicitly require user interaction with external sites are red flags.
Install Mechanism
No install spec and no bundled code — instruction-only. That minimizes filesystem and execution risk because nothing is downloaded or installed by the skill itself.
Credentials
The skill declares no required environment variables or credentials. Example CI snippets mention using GitHub Actions secrets (GITHUB_PAT/GITHUB_TOKEN) which is normal for CI; nothing in the skill unexpectedly requests unrelated credentials.
Persistence & Privilege
always:false and no code means the skill does not request persistent system presence or elevated platform privileges. There is no code that would autonomously persist configuration or manipulate other skills.
What to consider before installing
This skill is a comprehensive, instruction-only guide for R package development and CI, and most content is consistent with that purpose. However: - Do not upload package tarballs to unfamiliar URLs. The SKILL.md repeatedly references https://xmpalantir.wu.ac.at/cransubmit/ for CRAN submission — this is not an official CRAN endpoint. Confirm CRAN submission URLs with the official CRAN documentation (cran.r-project.org) before uploading anything or entering credentials. - Treat links in the skill as untrusted until verified. If the process requires clicking a confirmation email or visiting an external site, confirm that the host is official. - Be careful with git filter-branch and git push --force: these rewrite history and can break collaboration if used incorrectly. Back up repositories before running those commands. - The CI examples refer to using GitHub Actions secrets (GITHUB_PAT / secrets.GITHUB_TOKEN) — that is normal, but never paste personal tokens into unverified web forms or third-party upload pages. Use GitHub Actions secrets to keep tokens safe. - If you plan to follow Bioconductor procedures, cross-check the steps with Bioconductor's official contribution docs (contributions.bioconductor.org) and the support site. Given the unexpected submission endpoint and the potentially destructive git advice, proceed only after verifying the external URLs and backing up your repository. If you can, ask the skill author (or source) to confirm the CRAN submission endpoint and the rationale for any nonstandard steps.

Like a lobster shell, security has layers — review code before you run it.

latestvk97fhrtg138eh3w7sjez9bjh0d83sn4p
104downloads
0stars
2versions
Updated 1mo ago
v2.0.0
MIT-0
@cuiweig
latest
Download

R Package Development — CRAN & Bioconductor

Package Skeleton

usethis::create_package("~/mypkg")
usethis::use_mit_license("Author Name")   # CRAN
# OR: License: Artistic-2.0              # Bioconductor standard
usethis::use_testthat()
usethis::use_vignette("introduction")
usethis::use_readme_md()
usethis::use_news_md()

Required: DESCRIPTION, NAMESPACE, LICENSE, NEWS.md, README.md, .Rbuildignore, .gitignore

DESCRIPTION

CRAN rules

  • Title: title case, ≤65 chars, no period
  • Description: ≥2 sentences, ends with period
  • Software names in quotes: 'CmdStan', 'OpenSSL'
  • Authors@R: use person() with aut, cre roles + ORCID
  • Imports: only packages actually called via :: or importFrom
  • Suggests: must have requireNamespace() guard in code

Bioconductor additions

  • Version: 0.99.0 for new submissions
  • biocViews: required (e.g., Genetics, Sequencing, QualityControl)
  • LazyData: false (Bioconductor requirement)
  • ≥2 Bioconductor packages in Imports
  • VignetteBuilder: knitr
  • Collate field listing all R/*.R files in dependency order

R/ Code Standards

Never use in R/ files:

ForbiddenUse instead
library() / require():: or @importFrom
T / FTRUE / FALSE
sapply()vapply() (type-safe)
1:length(x)seq_along(x) / seq_len(n)
cat() / print()message() (except in show methods)
options() / par()Never modify global state
@slot direct accessUse accessor generics
<<<-Never use global assignment
set.seed() / browser()Remove before submission

Documentation (roxygen2)

Every @export function must have:

  • @param for all arguments
  • @return describing the return value
  • @examples that run in <5 seconds
  • @references with DOIs for methods: \doi{10.xxxx/yyyy}

Use \donttest{} for slow examples. Never \dontrun{}.

S4 Classes (Bioconductor)

For infrastructure packages extending Bioconductor classes:

# Define generic — this is the extension point
setGeneric("myFunction", function(x, ...)
    standardGeneric("myFunction"))

# Define method for your class
setMethod("myFunction", "MyClass", function(x, ...) {
    # implementation
})

Key principle: analytical operations should be generics, not plain functions. This lets downstream packages specialize behavior for their own classes. See references/bioconductor.md.

Testing

devtools::test()                    # all tests
covr::package_coverage()            # target ≥80%

Test error paths with expect_error(), not just happy paths.

R CMD check

rcmdcheck::rcmdcheck(
    args = c("--no-manual", "--as-cran"),
    error_on = "warning"
)

For Bioconductor, also run:

BiocCheck::BiocCheck("pkg_0.99.0.tar.gz", `new-package` = TRUE)
BiocCheck::BiocCheckGitClone(".")

GitHub Actions CI

See references/github-actions.md for platform-specific configs.

CRAN packages: use r-lib/actions standard workflow. Bioconductor packages: use r-lib/actions/setup-r-dependencies which auto-resolves Bioc deps from DESCRIPTION.

Visualization (publication grade)

See references/visualization.md for Nature/Science style standards.

Key rules:

  • Colorblind-safe palette: Wong (2011) Nat Methods 8:441
  • theme_classic(), no gridlines, 8pt base font
  • No titles on figures (titles go in captions)
  • Panel labels: bold lowercase a, b, c
  • Paired dot plots > bar charts for before/after comparisons

Submission

CRAN

Upload tarball to https://xmpalantir.wu.ac.at/cransubmit/ Include cran-comments.md. See references/cran.md.

Bioconductor

  1. Register at https://support.bioconductor.org (same email as DESCRIPTION)
  2. Subscribe to bioc-devel mailing list
  3. Add SSH key to GitHub
  4. Make repo Public
  5. Open issue at https://github.com/Bioconductor/Contributions/issues/new See references/bioconductor.md for the submission template.

Common Issues

See references/troubleshooting.md for solutions to frequent R CMD check and BiocCheck problems.

Comments

Loading comments...