Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Sanger Chromatogram QA
v1.0.0
Use sanger chromatogram qa for data analysis workflows that need structured execution, explicit assumptions, and clear output boundaries.
by AIpoch (@aipoch-ai)
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious
medium confidence
Purpose & Capability
The name, description, and declared dependency on numpy align with a lightweight Sanger QA tool. However, the packaged script is a minimal demo: it does not parse AB1 files, detect mixed signals (detect_mixed_signals returns 0), or implement a CONFIG block the README references. The required files and dependency list are proportionate, but the implementation is incomplete relative to the stated purpose.
Instruction Scope
SKILL.md instructs operators to run and validate scripts against real inputs, mentions editing an in-file CONFIG block, and promises input validation and bounded outputs. The shipped script only prints a demo report when run with --demo and otherwise tells the user to use --demo; it has no AB1 parsing, no file I/O, and no explicit input validation. This mismatch means following the instructions will not produce the claimed behavior and could mislead users into thinking a full QA tool is present when it is not.
Install Mechanism
There is no install spec (instruction-only skill) and the included requirements.txt lists only numpy. Nothing is downloaded from external URLs and no archive extraction is required. Risk from the install mechanism is low — the only code written to disk is the repository files already present.
Credentials
The skill requests no environment variables, no credentials, and no config paths. That is proportionate to the claimed functionality.
Persistence & Privilege
The skill does not request always:true or attempt to modify other skills or global agent settings. It is user-invocable and can be run locally on demand; this level of privilege is appropriate.
What to consider before installing
This skill is coherent at a high level (Sanger QA + numpy + a script) but the implementation is incomplete and partly placeholder. Before installing or running:
1) Inspect scripts/main.py — it currently only implements a demo and does not parse AB1 files or perform mixed-signal detection.
2) Run python -m py_compile and python scripts/main.py --demo in an isolated/sandboxed environment to confirm behavior.
3) Do not run the script against sensitive data until it has proper AB1 parsing and input validation; add or verify input sanitization and path traversal protections if you or the integrator extend the script to accept file paths.
4) If you expect full QA functionality, request or implement the missing features (AB1 parsing, mixed-signal detection, configuration block, robust error handling) and an updated dependency list (e.g., biopython or abifpy) before trusting outputs.
5) If you need help assessing any code changes, have a developer or security reviewer audit the modifications.
Like a lobster shell, security has layers — review code before you run it.
latest vk97bgnfwe7yxa7je7r29f9s33d83zvc4
