Trusted — Risk Score 5/100
Last scan: 1 day ago
pharma-ai
Intelligent drug discovery AI assistant providing molecular toxicity prediction, ADMET evaluation and virtual screening.
PharmaAI is a legitimate drug discovery assistant using RDKit/scikit-learn for molecular toxicity prediction with no malicious behavior detected. Shell execution is documented and necessary for ML integration.
Skill Name: pharma-ai
Duration: 44.4s
Engine: pi
Safe to install
Skill is safe for use. Consider pinning Python dependency versions for better supply chain hygiene.

Findings (2 items)

Severity: Low
Finding: Unpinned Python dependencies (Supply Chain)
requirements.txt uses >= version specifiers without upper bounds, allowing potentially incompatible versions to be installed.
Evidence: rdkit>=2023.0.0
→ Pin exact versions: rdkit==2023.9.0
Location: python-core/requirements.txt:1

Severity: Info
Finding: Missing screen.py implementation (Doc Mismatch)
python-bridge/index.ts calls virtualScreen, which references a 'screen' script that does not exist in python-core/.
Evidence: await callPython('screen', {...})
→ Either implement screen.py or remove the virtualScreen export
Location: src/python-bridge/index.ts:80
Resource      Declared  Inferred  Status     Evidence
Filesystem    READ      READ      ✓ Aligned  predict.py loads models from MODELS_DIR
Network       NONE      NONE                 No network calls in codebase
Shell         WRITE     WRITE     ✓ Aligned  python-bridge/index.ts:17 spawns python3 subprocess
Environment   NONE      NONE                 No os.environ access for sensitive data
Skill Invoke  NONE      NONE                 Standard skill interface
Clipboard     NONE      NONE                 Not used
Browser       NONE      NONE                 Not used
Database      NONE      NONE                 Not used
6 findings
Severity  Type          Value                                Location
Medium    External URL  https://clawhub.com                  HEADLESS_LOGIN.md:13
Medium    External URL  https://clawhub.com/settings/tokens  HEADLESS_LOGIN.md:59
Medium    External URL  https://docs.clawhub.com             HEADLESS_LOGIN.md:122
Medium    External URL  https://discord.gg/clawd             HEADLESS_LOGIN.md:123
Medium    External URL  https://docs.openclaw.ai/skills      PUBLISH_GUIDE.md:134
Info      Email         [email protected]                    HEADLESS_LOGIN.md:121

File Tree

12 files · 22.5 KB · 957 lines
Markdown 4 files · 444 lines; TypeScript 4 files · 294 lines; Python 1 file · 163 lines; JSON 2 files · 52 lines; Text 1 file · 4 lines
├─ 📁 python-core
│ ├─ 🐍 predict.py Python 163L · 4.8 KB
│ └─ 📄 requirements.txt Text 4L · 64 B
├─ 📁 src
│ ├─ 📁 commands
│ │ └─ 📜 predict.ts TypeScript 77L · 2.2 KB
│ ├─ 📁 python-bridge
│ │ └─ 📜 index.ts TypeScript 112L · 2.4 KB
│ ├─ 📁 types
│ │ └─ 📜 index.ts TypeScript 47L · 920 B
│ └─ 📜 index.ts TypeScript 58L · 1.3 KB
├─ 📝 HEADLESS_LOGIN.md Markdown 126L · 2.8 KB
├─ 📋 package.json JSON 34L · 762 B
├─ 📝 PUBLISH_GUIDE.md Markdown 139L · 2.9 KB
├─ 📝 README.md Markdown 70L · 1.4 KB
├─ 📝 SKILL.md Markdown 109L · 2.5 KB
└─ 📋 tsconfig.json JSON 18L · 460 B

Dependencies (4 items)

Package       Version     Source  Known Vulns  Notes
rdkit         >=2023.0.0  pip     No           Version not pinned
scikit-learn  >=1.3.0     pip     No           Version not pinned
numpy         >=1.24.0    pip     No           Version not pinned
joblib        >=1.3.0     pip     No           Version not pinned

Security Positives

✓ No network egress or C2 communication detected
✓ No credential harvesting or sensitive data access
✓ No obfuscated code or base64 execution
✓ Shell execution (python3 subprocess) is documented and necessary for ML integration
✓ No curl|bash or remote script execution
✓ File access limited to local model directory
✓ Clean, well-structured pharmaceutical ML codebase