by 安全扫描
OpenClaw
安全
high confidenceThe skill's code, documentation, and runtime instructions are coherent with a pymatgen-based materials‑science toolkit and request only Materials Project API access when that integration is used.
评估建议
This skill appears to implement and document standard pymatgen functionality. Before installing: (1) only provide an MP_API_KEY if you want Materials Project queries—limit the key's scope and treat it like a secret; (2) run the scripts in an environment where local structure/calculation files are intended to be read/written (they read POSCAR, vasprun.xml, etc.); (3) install the recommended Python packages in a virtual environment or sandbox to avoid dependency conflicts; (4) if you plan to grant...详细分析 ▾
✓ 用途与能力
The name/description (pymatgen, structure analysis, phase diagrams, Materials Project) align with the included docs and scripts. Files and examples show expected capabilities (file I/O, phase diagram generation, MPRester usage). No unrelated credentials, binaries, or surprising system access are requested.
✓ 指令范围
SKILL.md and the scripts instruct the agent to read/write structure and calculation files (POSCAR, vasprun.xml, CIF, etc.) and query the Materials Project API. Those actions fall squarely within the stated purpose. There are no instructions to access unrelated system files, shell history, or send data to unexpected remote endpoints.
✓ 安装机制
There is no install spec baked into the skill; SKILL.md recommends installing via pip (pymatgen, mp-api), which is appropriate and proportional. No downloads from arbitrary URLs or archive extraction are present.
✓ 凭证需求
The only environment variable used in scripts/docs is MP_API_KEY to access Materials Project, which is justified by the Materials Project integration. No other secrets, keys, or unrelated environment/config paths are requested.
✓ 持久化与权限
The skill does not request always:true, does not modify other skills, and has no declared config path or persistent privileges. Autonomous invocation remains enabled (platform default) but is not combined with any broad unexplained access.
安全有层次,运行前请审查代码。
运行时依赖
无特殊依赖
安装命令
点击复制官方npx clawhub@latest install crystallographic-wyckoff-position-analysis-pymatgen
镜像加速npx clawhub@latest install crystallographic-wyckoff-position-analysis-pymatgen --registry https://cn.longxiaskill.com 镜像可用