PharmaClaw Chemistry Query

The name/description match the included scripts: PubChem/ChEMBL/PubMed access, RDKit processing, visualization, retrosynthesis, and reaction templates. Minor mismatch: SKILL.md lists required python packages but omits the commonly used 'requests' package which several scripts (query_pubchem.py, chembl_query.py, pubmed_search.py) import — the environment will need requests installed. Otherwise declared dependencies (rdkit, gradio, pandas, Pillow, optional Java) align with the code.

Runtime instructions call the bundled Python scripts and public chemistry APIs only. Input sanitization is present in many places (SMILES length/null-byte checks, path sanitization, shell-metacharacter filtering). The opsin helper auto-downloads a JAR and runs it when IUPAC→SMILES is requested — that download is explicitly handled and checksum-verified in code. Scripts write outputs to local subdirectories (viz/, scripts/opsin.jar). No instructions read unrelated system files or attempt to access secrets.

The skill has no install spec (instruction-only for the platform) so nothing is automatically installed by the registry. The only non-code download behavior is the OPSIN JAR fetched from a GitHub release by scripts/opsin_name_to_smiles.py; the code performs a SHA-256 verification. This is a reasonable pattern, but it does write a ~13MB JAR into the skill's scripts directory on first use.

The skill requires no environment variables or credentials and only uses public APIs (PubChem, ChEMBL, NCBI). That is proportionate to the stated functionality. No hidden credential access or unrelated config paths are requested.

The skill is not forced-always and does not request elevated system presence. It will create local files (viz images, the OPSIN JAR) within the skill tree when used, which is normal for this functionality. It does not modify other skills or global agent configurations.