ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Cluster

v1.0.0

Perform data clustering analysis using k-means and hierarchical algorithms. Use when you need to group, classify, or segment datasets.

0· 106·0 current·0 all-time
byBytesAgain2@ckchzh
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name and description match the actual implementation. The included scripts implement k-means and simple hierarchical clustering, evaluation metrics, import/export, and listing of runs — all coherent with a clustering tool.
Instruction Scope
Runtime instructions are narrowly scoped: they tell the agent/user to supply input file paths and flags via environment variables and to run the bundled script. The code reads the specified input file(s), writes results to ~/.cluster/data.jsonl and config to ~/.cluster/config.json, and does not access unrelated system paths, network endpoints, or other credentials.
Install Mechanism
There is no install spec; this is instruction-only plus a bundled script. The script is executed locally and no external packages or remote downloads are performed. The Python code uses only the standard library.
Credentials
The skill does not request any credentials or special environment variables from the registry. Runtime environment variables (INPUT, K, ALGORITHM, RUN_ID, etc.) are normal for command-line tools and relate directly to the tool's purpose. No secrets or unrelated service keys are required.
Persistence & Privilege
always is false and the skill does not request persistent platform privileges. It creates and writes its own data and config under ~/.cluster, which is expected for this kind of tool and does not modify other skills or system-wide agent settings.
Assessment
This skill runs locally and appears to do only local clustering: you must provide input files via the INPUT environment variable and results are appended to ~/.cluster/data.jsonl and config is stored in ~/.cluster/config.json. Recommended precautions before installing/using: (1) review the bundled scripts (scripts/script.sh) yourself — they will be executed on your machine; (2) avoid pointing INPUT at sensitive files unless you are comfortable with the tool recording the input_file path and derived results in ~/.cluster; (3) if you need to remove traces, delete ~/.cluster; (4) ensure Python 3.8+ is available and be mindful of memory/CPU for large datasets. Nothing in the package indicates network communication or credential exfiltration.

Like a lobster shell, security has layers — review code before you run it.

latestvk9761wyywfmxzxkwz8z41mj51x834nmj

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments