cnv-caller-plotter Security Report — Trusted | ClawSafe

5 /100

cnv-caller-plotter

Detect copy number variations from whole genome sequencing data and generate publication-quality genome-wide CNV plots

A legitimate genomic CNV analysis skill with no malicious behavior found; scripts are straightforward and use only the standard library with no network access, credential access, or obfuscation.

Skill Namecnv-caller-plotter

Duration25.0s

Enginepi

✓

Safe to install

This skill is safe to use. No security concerns identified.

Resource	Declared	Inferred	Status	Evidence
Filesystem	`READ/WRITE`	`READ/WRITE`	✓ Aligned	SKILL.md: allowed-tools includes Read/Write; main.py writes to output dirs
Shell	`NONE`	`NONE`	—	No subprocess/shell invocation in scripts/main.py
Network	`NONE`	`NONE`	—	scripts/main.py uses only standard library; no urllib, requests, or network call…
Environment	`NONE`	`NONE`	—	No os.environ access in scripts/main.py
Skill Invoke	`NONE`	`NONE`	—	No skill invocation patterns found
Clipboard	`NONE`	`NONE`	—	No clipboard access found
Browser	`NONE`	`NONE`	—	No browser access found
Database	`NONE`	`NONE`	—	No database access found

5 findings

🔗

Medium External URL 外部 URL

http://dgv.tcag.ca

SKILL.md:945

🔗

Medium External URL 外部 URL

https://gnomad.broadinstitute.org

SKILL.md:946

🔗

Medium External URL 外部 URL

https://www.ncbi.nlm.nih.gov/clinvar

SKILL.md:947

🔗

Medium External URL 外部 URL

https://www.deciphergenomics.org

SKILL.md:948

🔗

Medium External URL 外部 URL

https://cancer.sanger.ac.uk

SKILL.md:949

File Tree

2 files · 36.9 KB · 1117 lines

Markdown 1f · 1049L Python 1f · 68L

├─ ▾ 📁 scripts

│ └─ 🐍 main.py Python 68L · 2.3 KB

└─ 📝 SKILL.md Markdown 1049L · 34.6 KB

Security Positives

✓ scripts/main.py uses only Python standard library (os, sys, pathlib, argparse) — no third-party dependencies required

✓ No subprocess, shell, or command execution in the implementation

✓ No credential, API key, or environment variable harvesting

✓ No network requests, data exfiltration, or C2 communication

✓ No base64, eval, or code obfuscation patterns

✓ No access to sensitive paths (~/.ssh, ~/.aws, .env)

✓ Documentation (SKILL.md) accurately reflects the implemented functionality

✓ Output directory is user-controlled via --output flag

✓ No hidden or undocumented behavior detected

✓ HIPAA compliance note in docs is appropriate for genomic data handling

✓ Skill has MIT license and clear authorship (AIPOCH)

Scan Report

File Tree

Security Positives