Safety Report

Protein Design

Name: Protein Design
Rating: 5 (6 reviews)
Author: xiongzhp

@xiongzhp

BoltzGen protein/peptide/antibody/nanobody design tools exposed through SciMiner.

223Downloads

0Installs

6Stars

5Versions

DevOps & Infrastructure2,137 Design & Prototyping2,077

Security Analysis

medium confidence

Clean0.04 risk

The skill's requirements and instructions are coherent with a SciMiner-backed BoltzGen protein design workflow, but it directs uploading biological files and uses an external/internal-looking API (sciminer.tech) so you should verify the service and data-sharing implications before using it.

Apr 18, 20263 files1 concern

Purpose & Capabilityok

Name/description (BoltzGen protein/peptide/antibody/nanobody design via SciMiner) match the declared behaviour: the SKILL.md and registry map to BoltzGen design endpoints and the only credential requested is SCIMINER_API_KEY, which is required to call the API. File-upload parameters and task polling are appropriate for remote design services.

Instruction Scopenote

Instructions narrowly instruct the agent to call SciMiner endpoints and to upload files (PDB/CIF) to the SciMiner file endpoint — this is expected for remote protein-design services. However, the skill requires uploading potentially sensitive biological sequence/structure files and instructs attaching a publicly-accessible 'share_url' to user summaries, which raises data-exposure/privacy considerations that are outside the skill's technical scope but relevant to users.

Install Mechanismok

No install spec (instruction-only) and no external binary downloads; included Python registry code is small and acts as a tool map. No archive/external downloads or unusual install behavior detected.

Credentialsok

Only a single credential (SCIMINER_API_KEY) is required and it is used as an API token (X-Auth-Token) to call the service. The requested environment access is proportional to the declared remote-API use. Note: that token would allow the skill to invoke the service and upload files while the key is present, so treat it as sensitive.

Persistence & Privilegeok

Skill is not always-enabled, makes no system-wide config changes, and requests no persistent system privileges. Autonomous invocation is allowed by platform default, which combined with the API key could let the agent call the remote service, but that is expected for a networked API integration.

Guidance

This skill is coherent for remote protein/peptide/antibody/nanobody design via SciMiner and only asks for a single API key. Before installing: 1) Verify sciminer.tech is a legitimate service and review its privacy/terms (you will upload PDB/CIF files and results may be accessible via share_url). 2) Do not upload IP-sensitive, proprietary, or potentially hazardous biological sequences unless you understand how the provider will store, share, and retain them. 3) Use a dedicated API key with limited scope and be prepared to revoke it if needed. 4) If you need offline or private designs, consider alternatives that run locally rather than a hosted API. 5) If you want higher assurance, ask the publisher for provenance (who maintains this skill) and for documentation confirming that the endpoints used are public API endpoints rather than internal-management endpoints.

Latest Release

v1.0.4

- Updated instructions to clarify that the SciMiner API key is free. - Modified guidance text to consistently refer to obtaining a "free SciMiner API key." - No code or interface changes; documentation only.

More by @xiongzhp

Peptide Design

5 stars

Biomolecular Structure Prediction

3 stars

self-improving-agent

@pskoett · 1,456 stars

Gog

@steipete · 672 stars

Tavily Web Search

@arun-8687 · 620 stars

Find Skills

@JimLiuxinghai · 529 stars

Published by @xiongzhp on ClawHub