Method Dev Agent
v0.1.2AI助手助力药品分析实验室高效管理色谱方法开发,支持实验记录、方法库、数据分析及AI优化建议。
⭐ 0· 318·0 current·0 all-time
by@teagec
MIT-0
Security Scan
OpenClaw
Suspicious
medium confidencePurpose & Capability
The code (Streamlit UI, SQLite DB, utilities for chromatographic metrics and simple rule-based suggestions) matches the stated purpose of experiment records, method library, and analysis. Minor mismatch: SKILL.md quick-start shows 'streamlit run app.py' at the repo root while the application is located at src/app.py (README uses src/app.py). The SKILL.md advertises 'AI推荐' (AI recommendations, paid) — the included code implements a simple local rule engine (utils.suggest_optimization) rather than an LLM integration; that's plausible but should be made explicit to avoid expectation of an external AI service.
Instruction Scope
SKILL.md runtime instructions are minimal (pip install dependencies and run Streamlit locally) and consistent with a local app. However: (1) the repository includes a publish.sh that will attempt to commit, push to GitHub and call 'clawhub publish' — running that script will use your git/clawhub credentials and network, but SKILL.md doesn't warn about it; (2) the package contains many marketing drafts and a publish workflow which may encourage the user to run network/publishing steps; (3) a pre-scan found 'unicode-control-chars' in SKILL.md, which may indicate hidden control characters (possible prompt-injection attempt embedded in docs). The app code itself does not make outbound network calls or read arbitrary system files beyond writing to a local data directory.
Install Mechanism
No install spec is declared (instruction-only), so nothing is automatically downloaded or written during 'installation'. Dependencies are standard Python libs listed in requirements.txt (streamlit, pandas, plotly, numpy, dateutil). This is low-risk compared with an arbitrary network download. The included publish script performs network operations only if explicitly executed.
Credentials
The skill does not declare or require any environment variables or credentials. That aligns with the code which stores data in a local SQLite file under a data/ directory. One caveat: publish.sh expects git remote and ClawHub login (credentials), but these are developer convenience scripts and not required for the app to function; the skill does not request unrelated secrets.
Persistence & Privilege
No elevated privileges are requested. The skill is not always-enabled. It persists data to a local SQLite DB in the project data/ folder and writes CSV exports under data/exports. That is proportionate to its purpose. There is no code that modifies other skills or system-wide agent settings.
Scan Findings in Context
[unicode-control-chars] unexpected: The pre-scan detected unicode control characters in SKILL.md. The app is a local Streamlit app and does not need hidden control characters in docs. Hidden/unexpected characters can be used for prompt-injection or to obscure content; user should inspect SKILL.md and other docs for non-printable characters before trusting or publishing.
What to consider before installing
What to check before installing or running this skill:
- Inspect SKILL.md and README for hidden characters (unicode control chars). Use a hex viewer or an editor that shows non-printable characters; remove or ask the author about any strange contents.
- Confirm which 'AI' features are local rule-based vs. remote LLM calls. The repository's code implements a simple rule engine (utils.suggest_optimization); if you expect external LLM functionality, ask the author whether an API key is required and whether network calls are made.
- Do NOT run publish.sh unless you intend to push commits and publish to ClawHub. That script will attempt git commits, git push and clawhub publish and will use your git/clawhub credentials and network access.
- Run the code in an isolated environment (virtualenv/container) and review requirements.txt. Start the Streamlit app locally and confirm it only reads/writes to the project data/ directory.
- If you will store sensitive or regulated lab data, verify data storage and backup policies and consider encrypting or using an approved LIMS. This tool writes a local SQLite DB and CSV exports by default—ensure that matches your compliance needs.
- If you want higher confidence, run the unit tests (tests/test_basic.py) and scan the code for any unexpected network/socket usage. The included code does not show outbound network calls, but thorough vetting is recommended.
If you'd like, I can (a) produce a small checklist of exact commands to safely inspect files for non-printable characters, (b) summarize which files perform filesystem or network operations, or (c) generate a short list of questions to ask the author about the advertised 'AI recommendation' paid feature.Like a lobster shell, security has layers — review code before you run it.
latest
License
MIT-0
Free to use, modify, and redistribute. No attribution required.
SKILL.md
Method Dev Agent - 方法开发助手
专业技能: 药品分析实验室 | 色谱方法开发 | HPLC/UPLC/GC
🎯 解决的问题
药品分析实验室方法开发过程中的痛点:
- ❌ 试错成本高(数周甚至数月)
- ❌ 知识依赖个人,难以沉淀
- ❌ 实验记录分散,追溯困难
- ❌ 优化路径不清晰
💡 解决方案
AI驱动的方法开发助手Agent:
- 📝 智能实验记录 - 系统化记录每次实验参数和结果
- 🔍 方法检索 - 快速查找历史方法和实验记录
- 📊 趋势分析 - 可视化方法优化过程
- 💾 知识沉淀 - 结构化存储方法开发知识
✨ 核心功能
1. 实验记录管理
- 完整的色谱条件记录(色谱柱、流动相、梯度、温度等)
- 样品信息和前处理方法
- 结果数据(保留时间、分离度、塔板数等)
- 观察记录和下一步计划
2. 方法库
- 保存成功的色谱方法
- 按化合物、基质、色谱柱类型分类
- 快速检索和复用
3. 数据分析
- 实验状态统计
- 成功评分趋势
- 方法优化可视化
4. AI推荐 (专业版)
- 基于历史数据的方法推荐
- 色谱条件优化建议
- 问题诊断和解决方案
🚀 快速开始
# 安装依赖
pip install streamlit pandas plotly
# 运行应用
streamlit run app.py
# 浏览器访问
http://localhost:8501
💰 定价
| 版本 | 功能 | 价格 |
|---|---|---|
| 基础版 | 实验记录、方法库、基础分析 | 免费 |
| 专业版 | +AI推荐、文件解析、高级分析 | 0.03 ETH/月 |
| 企业版 | +本地部署、定制开发、培训 | 定制报价 |
🏥 适用场景
- 药品QC实验室方法开发
- 仿制药一致性评价
- 新药质量标准研究
- 稳定性试验方法优化
👨🔬 目标用户
- 药品分析研究员
- QC方法开发科学家
- 实验室经理
- CRO公司分析部门
📞 联系方式
作者: Teagee Li
领域: 药品分析实验室管理
邮箱: teagee@qq.com
GitHub: https://github.com/teagec/t2
让方法开发更智能、更高效
Files
18 totalSelect a file
Select a file to preview.
Comments
Loading comments…