Scan Report
0 /100
personal-genomics
Analyze consumer DNA data from WeGene, 23andMe, AncestryDNA, VCF, BAM, CRAM files and generate evidence-based health reports
Legitimate personal genomics analysis skill with no malicious behavior detected. All functionality matches declared purpose.
Safe to install
No action required. Skill is safe for use.
| Resource | Declared | Inferred | Status | Evidence |
|---|---|---|---|---|
| Filesystem | READ | READ | ✓ Aligned | SKILL.md declares file reading for genetic data ingestion |
| Filesystem | WRITE | WRITE | ✓ Aligned | SKILL.md declares report generation (HTML, Excel output) |
| Network | READ | READ | ✓ Aligned | tool_setup.md:55 documents REF_PATH for EBI CRAM reference fetching |
| Shell | WRITE | WRITE | ✓ Aligned | tool_setup.md documents samtools/bcftools compilation for CRAM/BAM analysis |
| Environment | NONE | NONE | — | No environment variable access found |
| Skill Invoke | NONE | NONE | — | No skill invocation found |
| Clipboard | NONE | NONE | — | No clipboard access found |
| Browser | NONE | NONE | — | No browser access found |
| Database | NONE | NONE | — | No database access found |
1 findings
Medium External URL 外部 URL
http://www.ebi.ac.uk/ena/cram/md5/%s references/tool_setup.md:55 File Tree
11 files · 126.9 KB · 2850 lines Markdown 7f · 2501L
Python 1f · 243L
Text 2f · 83L
JSON 1f · 23L
├─
▾
evals
│ ├─
▾
test_data
│ │ ├─
mock_23andme.txt
Text
│ │ └─
mock_wegene.txt
Text
│ └─
evals.json
JSON
├─
▾
references
│ ├─
snp_database.md
Markdown
│ ├─
supplement_guide.md
Markdown
│ ├─
supported_formats.md
Markdown
│ └─
tool_setup.md
Markdown
├─
▾
scripts
│ └─
parse_genotypes.py
Python
├─
README_EN.md
Markdown
├─
README.md
Markdown
└─
SKILL.md
Markdown
Dependencies 1 items
| Package | Version | Source | Known Vulns | Notes |
|---|---|---|---|---|
openpyxl | unpinned | pip | No | Used for Excel report generation; version not pinned but package is well-maintained |
Security Positives
✓ Uses only Python standard library (gzip, os, sys, collections) - no external dependencies with known vulnerabilities
✓ All file operations are explicitly declared in SKILL.md (read genetic data, write reports)
✓ Network access is limited to legitimate EBI reference genome fetching for CRAM files
✓ No credential harvesting, API key theft, or sensitive path access
✓ No obfuscation techniques (base64, eval, atob) detected
✓ No data exfiltration or C2 communication patterns
✓ No reverse shell or remote code execution vectors
✓ Comprehensive SNP database with PMID citations - validates evidence-based approach
✓ Medical disclaimer explicitly required in generated reports
✓ Openpyxl dependency for Excel output is declared in tool_setup.md