← Back to Skills Marketplace

NutriGx Advisor

Name: NutriGx Advisor
Author: manuelcorpas

by manuelcorpas · GitHub ↗ · v0.2.0

cross-platform ⚠ suspicious

412

Downloads

Stars

Active Installs

Versions

Install in OpenClaw

/install nutrigx-advisor

Description

Generates a personalized nutrition report from consumer genetic data analyzing key SNPs to provide actionable dietary and supplementation guidance.

Usage Guidance

This skill appears to do what it says: local parsing of consumer genotype files and generation of a nutrition report. Before installing or running it, consider the following: - Sensitive data: the tool processes personal genetic files. Only run it on data you control and trust the machine to handle; do not upload those files to third parties unless you explicitly consent. - Provenance & outputs: the reproducibility bundle writes checksums and a provenance.json that includes the input filename into the output directory. If filenames are sensitive, either rename or remove them before sharing outputs. - External dependency: environment.yml includes a pip package (clawbio==0.1.0). If you recreate the conda/pip environment, review that package's source and trustworthiness before installing it. Running the included scripts without creating the conda env will use only the bundled code, but you still need the listed Python libraries installed locally. - Isolation: run the skill in an isolated environment (virtualenv / dedicated VM / container) if you have privacy or supply-chain concerns. - Source verification: registry metadata shows 'Source: unknown' and no homepage. If you require provenance, ask the publisher for a source repo or digital signatures before relying on this for clinical decisions. If you only need a quick, local test, use the provided synthetic patient file and review outputs before processing real genetic data.

Capability Analysis

Type: OpenClaw Skill Name: nutrigx-advisor Version: 0.2.0 The skill is classified as suspicious due to a shell injection vulnerability in the `repro_bundle.py` file. When generating the `commands.sh` script for reproducibility, command-line arguments are concatenated into a shell string without proper quoting or sanitization. If a user-provided argument (e.g., `--output`) contains shell metacharacters, executing the generated `commands.sh` could lead to arbitrary command execution. While this is a vulnerability in an output artifact intended for manual user execution, and not directly exploited by the OpenClaw agent, it represents a significant security flaw. Additionally, `parse_input.py` and `generate_report.py` handle user-provided file paths without explicit path traversal sanitization, posing a potential local file read/write vulnerability.

Capability Assessment

✓ Purpose & Capability

Name/description (personalised nutrition from consumer genetic data) align with the included code: parsing 23andMe/Ancestry/VCF, extracting SNPs from a curated panel, scoring variants, and producing a markdown report and figures. No unrelated cloud credentials, binaries, or system-level access are requested.

ℹ Instruction Scope

SKILL.md and the scripts are narrowly scoped to parsing local genotype files, scoring a fixed SNP panel, and generating reports. They operate on user-supplied genetic files (sensitive data) and create a reproducibility bundle that writes hashes and provenance (including the input filename) into the output directory. There are no instructions or code that transmit data to external endpoints.

ℹ Install Mechanism

There is no platform install spec (instruction-only at registry level) and all behavior is implemented in the bundled Python files. The reproducibility environment.yml includes a pip dependency 'clawbio==0.1.0' which, if a user follows the reproducibility steps, would install code from PyPI (or configured pip index). Installing arbitrary pip packages is the only non-local dependency risk here and should be reviewed before use.

✓ Credentials

The skill declares no required environment variables or credentials and the code does not access hidden config paths. All access is to files the user provides (input genotype files, local data/snp_panel.json). No secrets or unrelated environment access is requested.

✓ Persistence & Privilege

Skill flags are default (always: false, user-invocable true). It does not request permanent platform presence nor modify other skills or global agent settings. Files written are limited to the specified output directory (report, figures, checksums, provenance).

How to Use

Make sure OpenClaw is installed (local or Docker)
Run the install command in chat: /install nutrigx-advisor
After installation, invoke the skill by name or use /nutrigx-advisor
Provide required inputs per the skill's parameter spec and get structured output

Version History

v0.2.0

Migrate to ClawBio org, reorganise examples, update URLs

Metadata

Slug nutrigx-advisor

Version 0.2.0

License —

All-time Installs 5

Active Installs 4

Total Versions 1

Frequently Asked Questions

What is NutriGx Advisor?

Generates a personalized nutrition report from consumer genetic data analyzing key SNPs to provide actionable dietary and supplementation guidance. It is an AI Agent Skill for Claude Code / OpenClaw, with 412 downloads so far.

How do I install NutriGx Advisor?

Run "/install nutrigx-advisor" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is NutriGx Advisor free?

Yes, NutriGx Advisor is completely free (open-source). You can download, install and use it at no cost.

Which platforms does NutriGx Advisor support?

NutriGx Advisor is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).

Who created NutriGx Advisor?

It is built and maintained by manuelcorpas (@manuelcorpas); the current version is v0.2.0.

More Skills