ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

ML Pipeline

v0.1.0

Complete machine learning pipeline for trading: feature engineering, AutoML, deep learning, and financial RL. Use for automated parameter sweeps, feature cre...

0· 564·4 current·4 all-time
byDan Repaci@ahuserious
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
The name/description (ML pipeline for trading) aligns with the included scripts and SKILL.md: data validation, feature engineering, AutoML orchestration, evaluation, feature-store integration (described), and deployment. The required resources (none declared) are reasonable for an instruction-only skill containing template scripts.
Instruction Scope
SKILL.md gives high-level, ML-specific guidance (leakage checks, CV, AutoML steps) and asks the agent to gather dataset and pipeline parameters. The bundled scripts operate on local files and directories (validate, analyze, copy, report). There are no instructions to read unrelated system files, harvest environment secrets, or exfiltrate data to external endpoints.
Install Mechanism
No install spec is present (instruction-only skill) and all code is bundled. This is the lower-risk model: nothing is downloaded or exec-installed during install.
Credentials
The skill declares no required env vars or credentials, which matches the bundled scripts (they do local file I/O only). SKILL.md mentions integrating with feature stores (Feast, Tecton) and AutoML libraries — those integrations would typically require credentials or external dependencies, but the skill does not request them. This is not necessarily malicious but means the agent will expect the user to provide any required service credentials or local configs at runtime.
Persistence & Privilege
always is false and the skill does not request persistent system-wide privileges. The deployment script writes to a target directory chosen at runtime and creates a .deployment.json and deployment_report.json in that target — expected behavior for a deployment utility. The skill does not modify other skills or global agent configuration.
Assessment
This package appears coherent with its stated purpose and the included scripts operate on local files (validation, analysis, copying, reporting). Before installing or running: (1) review and run the scripts in a controlled environment (not against sensitive system directories), (2) if you plan to connect to external feature stores or AutoML services, supply credentials only via secure mechanisms and be aware the skill does not declare or manage them, (3) note the deployment script will copy files into whatever target path you provide (use a sandbox or container if unsure). If you need higher assurance, ask the author for provenance or run the code in an isolated VM/container.

Like a lobster shell, security has layers — review code before you run it.

latestvk975n70dwgcywasp1dtyjy6g6x81z3g7

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments