Molecular 3D Renderer
PassAudited by ClawScan on May 1, 2026.
Overview
The skill appears to do what it claims—render molecules locally—while relying on user-directed installs, local rendering tools, and optional public PDB downloads.
This looks reasonable for a molecular rendering skill. Before installing, use trusted dependency sources, preferably run it in a virtual environment, and remember that PDB ID mode may contact RCSB and cache downloaded structure files locally.
Findings (3)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Installing the skill's dependencies will pull code and binaries from package repositories onto the user's machine.
The skill asks the user to install unpinned third-party packages and a system renderer. This is expected for this renderer, but it is still a supply-chain surface users should notice.
pip install rdkit numpy apt-get install -y povray # For PDB support: pip install biopython
Install in a virtual environment or container where possible, use trusted package sources, and consider pinning or reviewing dependency versions.
Rendering by PDB ID can contact RCSB and cache the downloaded public structure file locally.
PDB mode can make an outbound request to RCSB and save the downloaded structure locally. This matches the documented PDB auto-download feature.
url = f"https://files.rcsb.org/download/{pdb_id}.pdb"
...
urllib.request.urlretrieve(url, out_path)Use PDB auto-download only when intended, and use local files for private structures if you do not want an external lookup.
Using the skill runs local code and a rendering binary on the user's machine.
The skill operates by running local Python scripts and a local POV-Ray renderer. This execution is disclosed and central to the stated rendering purpose.
requires: bins: ["povray", "python3"] ... python3 scripts/smiles_to_3d.py "SMILES" -o output.png
Run it in a normal project directory or isolated environment, and review output paths before invoking commands.