ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Variant Pathogenicity Predictor

v1.0.0

Integrate REVEL, CADD, PolyPhen scores to predict variant pathogenicity.

0· 25·0 current·0 all-time
byAIpoch@aipoch-ai
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Suspicious
high confidence
Purpose & Capability
The skill's stated purpose (integrate REVEL/CADD/PolyPhen to predict pathogenicity) matches the small script's core behavior (combine three numeric scores into a composite and classification). However, SKILL.md and metadata claim a broader feature set (VCF input, report.json output, ACMG guideline interpretation, multiple integrated scores beyond the three) that the code does not implement. This is a capability mismatch (overpromising).
!
Instruction Scope
SKILL.md instructs workflows that reference reading VCFs, writing output files, editing a CONFIG block, producing ACMG interpretations, and running more extensive pipelines. The actual script only accepts --revel, --cadd, --polyphen, or --demo and does not read files or produce structured reports. If an agent follows the SKILL.md literally it may attempt to access or modify files/paths that do not exist, leading to unintended file I/O or escalation of access beyond what the code needs.
Install Mechanism
No install spec — instruction-only plus a small included Python script. Nothing is downloaded or extracted. Low install risk.
Credentials
No environment variables, credentials, or config paths are requested. The skill does not ask for external API keys or sensitive tokens, which is proportionate for this functionality.
Persistence & Privilege
The skill is not marked always:true and requests no elevated or persistent privileges. It does not modify other skills or system config. Autonomous invocation is allowed by platform default and is not by itself a red flag here.
What to consider before installing
The included Python script is small and only computes a composite score from three numeric inputs; it does not implement VCF parsing, ACMG interpretation, CONFIG editing, or file-based reports despite SKILL.md claiming those features. Before installing or granting the agent permission to run this skill: (1) review scripts/main.py yourself — it currently only uses CLI flags (--revel, --cadd, --polyphen, --demo) and has no network or file-read behavior; (2) if you expect VCF support or report generation, require the author to provide the actual implementation or updated documentation; (3) run the script in a sandbox or isolated environment (python -m py_compile scripts/main.py and python scripts/main.py --demo) to confirm behavior; (4) avoid giving the agent access to sensitive files or directories until the skill's true I/O behavior is verified; and (5) ask the author to reconcile SKILL.md with the code and to pin dependencies and add tests if you plan to rely on it for clinical or sensitive decisions.

Like a lobster shell, security has layers — review code before you run it.

latestvk97fn2zfxh8sfx917ehpf0873d843fv3

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments