Security Audit

personal-genomics

github.com/openclaw/skills

AI SkillCommit 13146e6a3d46

CRITICAL

Scanned 2 months ago

Critical

Immediate action required

High

Priority fixes suggested

Medium

Best practices review

Low

Acknowledged / Tracked

Trust Assessment

personal-genomics received a trust score of 16/100, placing it in the Untrusted category. This skill has significant security findings that require attention before use in production.

SkillShield's automated analysis identified 12 findings: 0 critical, 0 high, 12 medium, and 0 low severity. Key findings include Unsafe deserialization / dynamic eval, Missing required field: name, Unpinned Python dependency version.

The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The Manifest Analysis layer scored lowest at 44/100, indicating areas for improvement.

Last analyzed on February 13, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.

Layer Breakdown

Manifest Analysis

44%

Static Code Analysis

93%

Dependency Graph

79%

LLM Behavioral Safety

100%

Behavioral Risk Signals

Shell Execution

8 findings

Dynamic Code

8 findings

Security Findings12

Severity	Finding	Layer	Location
MEDIUM	Unsafe deserialization / dynamic eval Decryption followed by code execution Remove obfuscated code execution patterns. Legitimate code does not need base64-encoded payloads executed via eval, encrypted-then-executed blobs, or dynamic attribute resolution to call system functions.	Manifest	skills/wkyleg/personal-genomics/data_quality.py:5
MEDIUM	Unsafe deserialization / dynamic eval Decryption followed by code execution Remove obfuscated code execution patterns. Legitimate code does not need base64-encoded payloads executed via eval, encrypted-then-executed blobs, or dynamic attribute resolution to call system functions.	Manifest	skills/wkyleg/personal-genomics/markers/__init__.py:65
MEDIUM	Unsafe deserialization / dynamic eval Decryption followed by code execution Remove obfuscated code execution patterns. Legitimate code does not need base64-encoded payloads executed via eval, encrypted-then-executed blobs, or dynamic attribute resolution to call system functions.	Manifest	skills/wkyleg/personal-genomics/markers/advanced_genetics.py:3
MEDIUM	Unsafe deserialization / dynamic eval Decryption followed by code execution Remove obfuscated code execution patterns. Legitimate code does not need base64-encoded payloads executed via eval, encrypted-then-executed blobs, or dynamic attribute resolution to call system functions.	Manifest	skills/wkyleg/personal-genomics/markers/medication_interactions.py:11
MEDIUM	Unsafe deserialization / dynamic eval Decryption followed by code execution Remove obfuscated code execution patterns. Legitimate code does not need base64-encoded payloads executed via eval, encrypted-then-executed blobs, or dynamic attribute resolution to call system functions.	Manifest	skills/wkyleg/personal-genomics/markers/pain_sensitivity.py:157
MEDIUM	Unsafe deserialization / dynamic eval Decryption followed by code execution Remove obfuscated code execution patterns. Legitimate code does not need base64-encoded payloads executed via eval, encrypted-then-executed blobs, or dynamic attribute resolution to call system functions.	Manifest	skills/wkyleg/personal-genomics/markers/pharmacogenomics.py:575
MEDIUM	Unsafe deserialization / dynamic eval Decryption followed by code execution Remove obfuscated code execution patterns. Legitimate code does not need base64-encoded payloads executed via eval, encrypted-then-executed blobs, or dynamic attribute resolution to call system functions.	Manifest	skills/wkyleg/personal-genomics/markers/pharmacogenomics.py:585
MEDIUM	Unsafe deserialization / dynamic eval Decryption followed by code execution Remove obfuscated code execution patterns. Legitimate code does not need base64-encoded payloads executed via eval, encrypted-then-executed blobs, or dynamic attribute resolution to call system functions.	Manifest	skills/wkyleg/personal-genomics/neanderthal_analysis.py:120
MEDIUM	Missing required field: name The 'name' field is required for claude_code skills but is missing from frontmatter. Add a 'name' field to the SKILL.md frontmatter.	Static	skills/wkyleg/personal-genomics/SKILL.md:1
MEDIUM	Unpinned Python dependency version Requirement 'pandas>=1.5.0' is not pinned to an exact version. Pin Python dependencies with '==<exact version>'.	Dependencies	skills/wkyleg/personal-genomics/requirements.txt:2
MEDIUM	Unpinned Python dependency version Requirement 'numpy>=1.21.0' is not pinned to an exact version. Pin Python dependencies with '==<exact version>'.	Dependencies	skills/wkyleg/personal-genomics/requirements.txt:3
MEDIUM	Unpinned Python dependency version Requirement 'reportlab>=4.0.0' is not pinned to an exact version. Pin Python dependencies with '==<exact version>'.	Dependencies	skills/wkyleg/personal-genomics/requirements.txt:6

Scan History

Embed Code

[![SkillShield](https://skillshield.io/api/v1/badge/5b68d2b51a8891e9.svg)](https://skillshield.io/report/5b68d2b51a8891e9)