Nutrigenomics

Added explicit execution instructions to the skill so the agent runs the analysis automatically instead of asking clarifying questions. Includes a one-command demo using the bundled synthetic patient file.

**v0.3.0 — April 2026** This release fixes a critical installation issue that prevented the skill from appearing in OpenClaw after installation from ClawHub. If you installed an earlier version and the skill was not showing up in your skills list, upgrading to v0.3.0 resolves it. **What changed:** - Fixed skill discovery — the skill now correctly appears in `openclaw skills list` and can be invoked via all standard CLI commands after installation. - Added a Python 3 availability check so the skill only activates on machines where the required runtime is present, avoiding confusing errors on unsupported setups. - Cleaned up the package: removed internal developer files that were included in earlier uploads by mistake. No changes to the analysis engine, SNP panel, or report output. Your results will be identical to previous versions.

Documentation-only fix. Two help files incorrectly described what gets saved to the reproducibility bundle — one said the input filename is stored in provenance.json, another said the input file is checksummed. Both were wrong and contradicted the code (which has never stored the input filename or hashed the input file). Corrected to match actual behaviour: only the SNP reference panel and the output report are checksummed; provenance.json stores timestamp, version, and analysis settings only — never your filename.

## What's changed ### Fix: Absolute paths removed from result dict `report_path` and `figures` in the dict returned by `run_analysis()` previously held full absolute system paths (e.g. `/home/.../nutrigenomics_output_.../report.md`). These are now relative filenames — the caller already has `output_dir` and can join paths itself. Embedding redundant absolute paths in results is a privacy concern for a skill that processes genomic data. - `result["report_path"]` → `"nutrigenomics_report.md"` (relative to `output_dir`) - `result["figures"]["nutrigenomics_radar"]` → `"nutrigenomics_radar.png"` (relative to `output_dir`) - `result["cleanup_reminder"]` → generic message, no path embedded ### Fix: Inaccurate docstring on `analyse_file` The `output_dir` parameter was described as "default: temp directory", contradicting the actual behaviour (a persistent timestamped directory). Docstring corrected. ### Updated: `openclaw.json` output schema `output_dir` added as an explicit field; `report_path` and `figures` descriptions updated to state they are relative to `output_dir`. ### No functional changes Analysis pipeline, scoring, figures, and reproducibility bundle are unchanged. **Full changelog:** [CHANGELOG.md](./CHANGELOG.md)

## What's changed ### Fix: OpenClaw entry point visibility The `run_analysis` function (the OpenClaw platform entry point) has been relocated to immediately after the import block in `openclaw_adapter.py`, before the `NutrigenomicsOpenClaw` class definition. This ensures the function declaration is visible to security scanners that truncate large files during static analysis. Previously, `run_analysis` was defined at the bottom of the class section (~line 285), which caused ClawHub's scanner to report the skill as "Suspicious" because it could not find the declared entry point. ### Version bumps - `openclaw_adapter.py` — 0.2.6 - `generate_report.py` — report header now reads v0.2.6 - `repro_bundle.py` — provenance.json version field: 0.2.6 - `openclaw.json` — 0.2.6-openclaw - `SKILL.md` — 0.2.6 ### No functional changes Output, scoring, figures, and reproducibility bundle are identical to 0.2.5. ## Upgrading Replace `openclaw_adapter.py` with the updated version. No dependency or configuration changes required. **Full changelog:** [CHANGELOG.md](./CHANGELOG.md)

v0.2.5 — Security, privacy & reliability fixes · 5 Apr 2026 This release resolves all issues flagged by the OpenClaw security scanner across two rounds of scanning. No analysis logic has changed — your reports, risk scores, and dietary recommendations are identical to v0.2.3. What was fixed Missing module (path_safety.py) — The adapter imported a path validation module that was never included in the published package, meaning the skill would crash immediately on startup. The module is now included. It validates all file paths before the pipeline touches them, blocking path traversal attacks and enforcing the allowed input extensions (.txt, .csv, .vcf). Output directory handling — The skill previously used Python's tempfile.mkdtemp, which gives no indication that the output folder persists after the run. It now creates an explicitly named nutrigenomics_output_YYYYMMDD_HHMMSS/ folder in your working directory, and the result tells you to delete it when you're done. Input file not fingerprinted — checksums.txt was hashing your genetic input file and storing that hash on disk. A SHA-256 of a genomic file is a stable fingerprint that could re-identify a specific dataset. The input file is now intentionally excluded from checksums. Only the SNP panel definition and the generated report are verified. Input filename not stored — provenance.json was recording the name of your input file. If you named your file something like john_smith_genome.csv, that name would persist in the output directory. It is no longer stored. Provenance now records only the tool version, timestamp, and format arguments. Documentation accuracy — Several docs claimed the reproducibility bundle includes commands.sh (it never did), that reports never contain raw genotypes (they do — your per-SNP calls are what makes the report actionable), and that temp files are auto-cleaned (they aren't). All corrected. openclaw.json manifest — Added output_files_require_manual_cleanup: true to the features block and updated the security notes to accurately describe what is and isn't persisted. Summary of files changed openclaw_adapter.py · repro_bundle.py · path_safety.py (new) · openclaw.json · SKILL.md · IMPLEMENTATION.md · generate_report.py · README.md · README_OPENCLAW.md · CHANGELOG.md

v0.2.4 — Security & transparency fixes · 5 Apr 2026 This release directly addresses the inconsistencies flagged by the OpenClaw security scanner. No analysis logic has changed — your reports, scores, and recommendations are identical to v0.2.3. What changed is that the skill now does exactly what it says it does. What was fixed The scanner flagged three contradictions between the documentation and the actual code: 1. Temp file cleanup — The skill claimed output files were automatically deleted after analysis. They weren't; they stayed on disk. The code now creates a clearly named, timestamped output folder (nutrigenomics_output_YYYYMMDD_HHMMSS/) instead of a misleadingly named temp directory, and the result tells you explicitly to delete it when you're done. 2. Genotypes in reports — The documentation claimed reports "never contain raw genotypes." They do — and that's intentional. Seeing your specific genotype for each of the 58 panel SNPs (e.g. CT for MTHFR, AG for APOE) is what makes the report actionable. The documentation now says so clearly. 3. Reproducibility bundle — The manifest incorrectly listed commands.sh as a generated file. No executable script is or was ever produced. The correct artefacts are README_reproducibility.txt, environment.yml, checksums.txt, and provenance.json — all plain text, nothing runnable. Bottom line for users Your genetic data is still processed entirely locally. Nothing is transmitted. The only change you'll notice is that the output folder has a clearer name and you'll see a reminder to delete it once you've saved your report.

v0.2.3 — Security & Packaging Improvements Added • Path validation for all input, output, and panel files • File type validation (supports .txt, .csv, .vcf only) • Explicit local-only processing safeguards (no network access) Changed • Restricted file access to the working directory • Improved handling of user-provided file paths to prevent unsafe access • Replaced reproducibility script generation with static documentation output Removed • Executable script generation (commands.sh) • Unnecessary build artefacts (__pycache__, .pyc files) Notes • No changes to analysis logic or nutrigenomics outputs • This release focuses on improving security posture and compatibility with ClawHub verification checks

CleanUp References - focus on consumer genetics and nutrition

Remove ClawBio references - focus on consumer OpenClaw experience

Personalised nutrition from genetic data