Skip to content
← Registry
Trust Report

nextflow-development

Run nf-core bioinformatics pipelines (rnaseq, sarek, atacseq) on sequencing data. Use when analyzing RNA-seq, WGS/WES, or ATAC-seq data—either local FASTQs or public datasets from GEO/SRA. Triggers on nf-core, Nextflow, FASTQ analysis, variant calling, gene expression, differential expression, GEO reanalysis, GSE/GSM/SRR accessions, or samplesheet creation.

77
SUSPICIOUS
Format: openclawScanner: v0.8.0Duration: 13msScanned: 7d ago · Jun 1, 5:57 AMSource →
Open community →Automate with the API →Join the discussion →Jump to findings →
Embed this badge
AgentVerus SUSPICIOUS 77AgentVerus SUSPICIOUS 77AgentVerus SUSPICIOUS 77
[![AgentVerus](https://agentverus.ai/api/v1/skill/d6596915-da03-4f40-b016-e74699dd6890/badge)](https://agentverus.ai/skill/d6596915-da03-4f40-b016-e74699dd6890)
Community Discussion

Community Comments

Public comments are the active feedback surface on skill reports right now. Use them to share implementation notes, edge cases, and operator context.

0 comments

Sign in to comment on this skill

No comments yet. Be the first to share your thoughts.

Continue the workflow

Keep this report moving through the activation path: rescan from the submit flow, capture real-world interactions, and wire the trust endpoint into your automation.

Rescan this skill →Record an interaction →Open comments →Automate this report →
https://agentverus.ai/api/v1/skill/d6596915-da03-4f40-b016-e74699dd6890/trust
Personalized next commands

Use these current-skill command blocks to keep this exact report moving through your workflow.

Record an interaction
curl -X POST https://agentverus.ai/api/v1/interactions \
  -H "Authorization: Bearer at_your_api_key" \
  -H "Content-Type: application/json" \
  -d '{"agentPlatform":"openclaw","skillId":"d6596915-da03-4f40-b016-e74699dd6890","interactedAt":"2026-03-15T12:00:00Z","outcome":"success"}'
Fetch trust JSON
curl https://agentverus.ai/api/v1/skill/d6596915-da03-4f40-b016-e74699dd6890/trust

Category Scores

56
Permissions
100
Injection
66
Dependencies
63
Behavioral
65
Content
100
Code Safety

Findings (14)

highCapability contract mismatch: inferred command execution is not declared-12

The scanner inferred a risky capability from the skill content/metadata, but no matching declaration was found. Add a declaration with a clear justification, or remove the behavior.

Content pattern: curl -s https://get.nextflow.io \| bash

Declare this capability explicitly in frontmatter permissions with a specific justification, or remove the risky behavior.

permissionsASST-03
highCapability contract mismatch: inferred system modification is not declared-12

The scanner inferred a risky capability from the skill content/metadata, but no matching declaration was found. Add a declaration with a clear justification, or remove the behavior.

Content pattern: sudo

Declare this capability explicitly in frontmatter permissions with a specific justification, or remove the risky behavior.

permissionsASST-03
highSuspicious install pattern: download and execute from remote URL-25

The skill instructs users to download and execute code from a remote URL, a common supply-chain attack vector.

curl -s https://get.nextflow.io \| bash

Remove curl-pipe-to-shell patterns. Provide dependencies through safe, verifiable channels.

behavioralASST-02
mediumCapability contract mismatch: inferred file read is not declared-6

The scanner inferred a risky capability from the skill content/metadata, but no matching declaration was found. Add a declaration with a clear justification, or remove the behavior.

Content pattern: references/

Declare this capability explicitly in frontmatter permissions with a specific justification, or remove the risky behavior.

permissionsASST-03
mediumCapability contract mismatch: inferred network access is not declared-6

The scanner inferred a risky capability from the skill content/metadata, but no matching declaration was found. Add a declaration with a clear justification, or remove the behavior.

Content pattern: https://docs.docker.com/get-docker/

Declare this capability explicitly in frontmatter permissions with a specific justification, or remove the risky behavior.

permissionsASST-04
mediumCapability contract mismatch: inferred documentation ingestion is not declared-8

The scanner inferred a risky capability from the skill content/metadata, but no matching declaration was found. Add a declaration with a clear justification, or remove the behavior.

Content pattern: See [references/

Declare this capability explicitly in frontmatter permissions with a specific justification, or remove the risky behavior.

permissionsASST-03
mediumDownload-and-execute pattern detected (inside code block)-8

The skill contains a download-and-execute pattern inside a code block. Verify the URL is trustworthy.

curl -s https://get.nextflow.io \| bash

Pin the installer to a specific version or hash. Consider bundling dependencies instead.

dependenciesASST-04
mediumSystem modification detected (inside code block)-6

Found system modification pattern: "sudo apt install"

| Not installed / < 11 | `sudo apt install openjdk-11-jdk` |

Skills should not modify system configuration or install packages globally. Bundle required dependencies.

behavioralASST-03
mediumSystem modification detected (inside code block)-6

Found system modification pattern: "systemctl start"

| Daemon not running | `sudo systemctl start docker` |

Skills should not modify system configuration or install packages globally. Bundle required dependencies.

behavioralASST-03
mediumHigh-risk workflow lacks explicit safety boundaries-15

The skill performs or enables higher-risk operations but does not define explicit safety boundaries describing what it must not do.

No safety boundary patterns found alongside high-risk capability language

Add a 'Safety Boundaries' section listing what the skill must NOT do (e.g., no file deletion, no network access beyond needed APIs).

contentASST-09
mediumMany external URLs referenced (6)-8

The skill references 6 external URLs and also discusses auth/API/payment workflows, which increases the chance that sensitive operations depend on many remote endpoints.

URLs: https://docs.docker.com/get-docker/, https://get.nextflow.io, https://github.com/nf-core/rnaseq/blob/3.22.2/CITATIONS.md, https://nf-co.re/about, https://www.nextflow.io/about-us.html...

Minimize external dependencies to reduce supply chain risk.

dependenciesASST-04
mediumUnknown external reference-8

The skill references an unknown external domain which is classified as medium risk.

https://get.nextflow.io

Verify that this external dependency is trustworthy and necessary.

dependenciesASST-04
lowUnknown external reference-5

The skill references an unknown external domain which is classified as low risk.

https://nf-co.re/about

Verify that this external dependency is trustworthy and necessary.

dependenciesASST-04
lowUnknown external reference-5

The skill references an unknown external domain which is classified as low risk.

https://www.nextflow.io/about-us.html

Verify that this external dependency is trustworthy and necessary.

dependenciesASST-04