Bio-chat: Hardcore Primer Designer

Pass

Audited by ClawScan on May 1, 2026.

Overview

This appears to be a purpose-aligned primer-design helper that queries NCBI and has no evidence of credential use, persistence, destructive actions, or hidden exfiltration.

Before installing, note that the tool depends on Python requests and sends queried accessions to NCBI to retrieve sequence data. Install dependencies from a trusted environment and independently review primer/probe outputs before relying on them for laboratory work.

Findings (2)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

If the user installs dependencies manually, they rely on the current package-index version of requests rather than a locked, reviewed version.

Why it was flagged

The only dependency is listed without a version pin. This is common and purpose-aligned for the script's NCBI HTTP calls, but users should be aware that installing it may pull the latest package version from the package index.

Skill content

requests

Recommendation

Install dependencies in a trusted environment and consider pinning dependency versions if reproducibility or supply-chain control is important.

What this means

NCBI can receive the accession identifiers the user is querying, which may reveal what public sequences or genes the user is working on.

Why it was flagged

The script sends the target, homolog, or off-target accession identifiers to NCBI over HTTPS to fetch sequence and annotation data. This is aligned with the primer-design purpose, but it is still an external data flow.

Skill content

url = f"https://eutils.ncbi.nlm.nih.gov/entrez/eutils/efetch.fcgi?db=nuccore&id={accession}&rettype=fasta&retmode=text"

Recommendation

Use public accession identifiers as intended, and avoid entering sensitive internal identifiers or private sequence information unless the data-sharing implications are acceptable.