Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
PharmaAI
v1.0.0智能药物发现AI助手,提供分子毒性预测、ADMET评估和虚拟筛选功能。 基于Python科学计算核心(RDKit + scikit-learn)和Node.js Skill包装。 Use when: - 需要预测分子的hERG心脏毒性、肝毒性或Ames致突变性 - 需要评估分子的溶解度、代谢稳定性等ADMET性质...
⭐ 0· 175·0 current·0 all-time
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious
medium confidencePurpose & Capability
The name/description, TypeScript code, and Python core align with a molecular-toxicity/ADMET prediction skill. However the bundle advertises pre-trained models (e.g. herg_model.pkl, hepatotoxicity_model.pkl, ames_model.pkl) and references additional docs, but those model files and some referenced docs are not present in the provided file manifest. The package also does not declare runtime requirements (python3, RDKit) or list model files as required assets — this is disproportionate to the claimed out-of-the-box capability.
Instruction Scope
Runtime instructions and code confine behaviour to local computation: the Node layer spawns a local python3 process and passes JSON; the Python script loads local model files, computes descriptors with RDKit, and returns JSON. There are no network calls, no attempts to read arbitrary system files, and no exfiltration endpoints in the code. That said, documentation files include publishing/login guidance referencing ClawHub tokens (for publishing) which is unrelated to runtime prediction and should not be confused with required credentials.
Install Mechanism
There is no install spec and the skill expects heavy native Python packages (RDKit, scikit-learn, numpy, joblib). The bundle does not ship platform installers or the model artifacts; running it will require manual installation of RDKit (which has non-trivial native dependencies). The absence of packaged models means either the skill will fail at runtime or the author expects models to be fetched/added outside the bundle (no code for fetching exists). This mismatch increases operational risk.
Credentials
The skill does not request environment variables, credentials, or config paths for runtime operation (none declared). The only place tokens are mentioned is in publishing docs (HEADLESS_LOGIN.md / PUBLISH_GUIDE.md) describing how to publish the skill to ClawHub; those are documentation for authors and are not used by the runtime code. No other unrelated credentials are requested.
Persistence & Privilege
The skill does not request always:true and does not attempt to modify other skills or global agent configuration. It runs as a local Node/Python process when invoked. Autonomous invocation is allowed (platform default) but does not combine with other privilege red flags in the bundle.
What to consider before installing
This package mostly looks like a local Node+Python prediction tool, but do NOT install blindly. Key concerns to resolve before use: 1) The manifest/README reference pre-trained model files (python-core/models/*.pkl) that are not included — verify the models are present from a trusted source or the skill will fail. 2) The skill requires python3 and native Python packages (RDKit) which must be installed separately; RDKit has non-trivial native dependencies—test in an isolated environment. 3) The Python bridge spawns local processes and runs bundled Python code — review the Python files and any model-loading logic for safety and provenance. 4) The model metric claims (two models with ROC-AUC=1.000) are suspiciously perfect; ask the author for provenance, training data, and validation details before trusting predictions for critical decisions. If you cannot verify the models' origin and integrity, run the skill in a sandbox or decline to install.src/python-bridge/index.ts:22
Shell command execution detected (child_process).
Patterns worth reviewing
These patterns may indicate risky behavior. Check the VirusTotal and OpenClaw results above for context-aware analysis before installing.Like a lobster shell, security has layers — review code before you run it.
latestvk9735mg5hmmv5h6tkmt0m4e38x82wttq
License
MIT-0
Free to use, modify, and redistribute. No attribution required.