ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Concept Explainer

v0.1.0

Uses analogies to explain complex medical concepts in accessible terms.

0· 101·0 current·0 all-time
byAIpoch@aipoch-ai
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
The name and description match the code: scripts/main.py provides analogy-based explanations for a set of medical concepts and supports audience levels (child/patient/student). Minor mismatch: SKILL.md lists 'Visual description support' and some broader feature language, but the code does not implement any visual-generation or image handling — the implementation is a static dictionary of analogies.
Instruction Scope
Runtime instructions and the script stay within the advertised domain (generate and optionally write JSON explanations). The script accepts an --output path and will write the JSON there without path sanitization or explicit checks, so a maliciously crafted path could overwrite local files if the user supplies it. There are no commands that read arbitrary system files, access environment variables, or call external services.
Install Mechanism
Instruction-only / script-only skill with no install spec and no external dependencies; nothing is downloaded or installed by the skill.
Credentials
No environment variables, credentials, or config paths are requested. The script operates solely on command-line arguments and an internal static data map.
Persistence & Privilege
The skill does not request always:true, does not modify other skills, and does not persist credentials or agent settings. It runs only when invoked and has no elevated platform privileges.
Assessment
This skill appears to be a small, self-contained Python script that generates analogy-based explanations for a fixed list of medical concepts. Before installing or running it: (1) Verify you trust the source since it will execute code locally (no auto-downloads were found). (2) If you expect to use the --output option, be careful: the script writes to the specified path without sanitization and could overwrite files if you provide a sensitive path—prefer running without --output or use a sandboxed workspace. (3) Note the skill is not a substitute for professional medical advice; review outputs for accuracy before sharing with patients. (4) SKILL.md mentions visual support which is not implemented—if you need that, validate or extend the code. (5) If you want stronger safety, run the script in an isolated environment and consider adding path validation and stricter input checks.

Like a lobster shell, security has layers — review code before you run it.

latestvk97cry2rbtwcg4jyqtg7em1b3h835g0p

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments