ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Sc-RNA Cell Type Annotator

v1.0.0

Auto-annotate cell clusters from single-cell RNA data using marker genes.

0· 45·0 current·0 all-time
byAIpoch@aipoch-ai
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Suspicious
medium confidence
!
Purpose & Capability
Name/description and SKILL.md describe a tool that reads cluster marker inputs and writes annotated outputs, but the included script only implements a --demo mode and does not parse the --markers CSV or produce files as documented. requirements.txt lists pandas (imported) but the script does not actually use pandas for any I/O. This mismatch suggests the package is incomplete or poorly maintained.
!
Instruction Scope
SKILL.md instructs validating input file paths, running the script against real inputs, and writing outputs; however, scripts/main.py does not implement reading input files, validation, path sanitization, or output writing — it only prints a demo. The instructions therefore grant broader runtime scope than the code actually exercises (or expect missing functionality).
Install Mechanism
No install spec; this is an instruction-only skill with a small Python script and a single dependency (pandas) declared in requirements.txt. No external downloads or obscure installers are used.
Credentials
The skill requests no environment variables or credentials. It does require Python and pandas, which are proportional to the claimed purpose. No secrets or unrelated env access are requested.
Persistence & Privilege
always is false and there are no indications the skill modifies other skills or system-wide settings. It runs locally if invoked; no elevated persistence or privileged behavior is requested.
What to consider before installing
This package appears non-malicious but incomplete or inconsistent. Before installing or using it: (1) Inspect and run the script in a sandboxed environment (python -m py_compile scripts/main.py; python scripts/main.py --demo) to confirm behavior. (2) Note that --markers is accepted by the CLI but not implemented — expect to add CSV parsing and input validation if you need real-file support. (3) Verify any future changes properly sanitize input paths (prevent ../ traversal) and explicitly write outputs to a workspace directory. (4) Consider contacting the author/source (unknown here) or prefer a vetted tool if you need production annotation pipelines. If you decide to extend this skill yourself, add robust file I/O, path sanitization, and unit tests; keep execution confined to a safe environment while developing.

Like a lobster shell, security has layers — review code before you run it.

latestvk978653zxm0mvvajgdjbzzn80n83yp5a

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments