Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
deeppurpose
v1.0.1Help install, inspect, run, troubleshoot, and adapt the DeepPurpose molecular modeling library for drug-target interaction prediction, compound property pred...
⭐ 0· 56·0 current·0 all-time
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
high confidencePurpose & Capability
The name/description match the SKILL.md: guidance focuses on installing, inspecting, running, and adapting DeepPurpose. The files referenced and workflows described (data_loaders, encodings, model entrypoints, pretrained downloads) are appropriate for a DeepPurpose support skill.
Instruction Scope
Runtime instructions direct the agent to read local repository files (README, DeepPurpose/*.py, DEMO/, toy_data/) and to prefer static validation before runtime imports. These file reads are directly relevant to the stated purpose. The SKILL.md explicitly warns about network downloads triggered by dataset and pretrained model helpers.
Install Mechanism
There is no install spec and no code files to execute as part of skill installation (instruction-only). That minimizes disk-write and remote-install risk. The skill documents upstream install commands (conda/pip) for the user, which is expected and reasonable.
Credentials
The skill declares no required environment variables, credentials, or config paths. The heavy dependencies (RDKit, PyTorch, Descriptastorus, DGL, etc.) are documented and expected for this kind of library; they are proportional to the described tasks. The SKILL.md also cautions about downloads performed by helper functions.
Persistence & Privilege
always is false and the skill is user-invocable. There is no request to modify other skills or system-wide settings. The guidance to operate on local repo files is normal for a repo-support skill and does not imply elevated privileges.
Assessment
This skill is an instruction-only advisor for the DeepPurpose repo and is internally consistent, but exercise normal caution: 1) Inspect the repository yourself before running code; the SKILL.md expects you to read local files and prefer a local checkout. 2) Do static checks first (python3 setup.py --name, compileall) — importing modules will trigger heavy native dependencies and may fail or perform network downloads. 3) Run any suggested installs or model downloads in an isolated environment (conda env / container) to avoid contaminating your system. 4) When a workflow would download pretrained assets or datasets, prefer providing local pretrained_dir or explicit permission before allowing automatic downloads. 5) Because the skill source is 'unknown' and there are remote-download behaviors documented (Harvard Dataverse for pretrained assets and BindingDB fallbacks), consider auditing any downloaded artifacts and running in a network-restricted sandbox if you have sensitive data or credentials on the same machine.Like a lobster shell, security has layers — review code before you run it.
latestvk97bk8jtyh2k3v7k5dfhve7ym9844xvh
License
MIT-0
Free to use, modify, and redistribute. No attribution required.