ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Conference Schedule Optimizer

v0.1.0

Use when planning conference schedules, optimizing session selection at scientific meetings, managing time between presentations, or maximizing networking at...

0· 108·0 current·0 all-time
byAIpoch@aipoch-ai
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Suspicious
high confidence
!
Purpose & Capability
The SKILL.md describes a feature-rich ConferenceScheduler (methods like prioritize_sessions, create_schedule, plan_networking, add_travel_time, export to iCal, and a scripts/schedule_optimizer.py CLI). The included code (scripts/main.py) defines a ScheduleOptimizer class with simpler methods (load_schedule, score_session, optimize, print_schedule) and a different CLI (--schedule, --interests, --must-attend). Many capabilities advertised in the docs (PDF parsing, calendar export, travel-time with venue maps, networking target generation) are not implemented in the code. This mismatch is disproportionate to the stated purpose and will likely cause runtime errors or unmet expectations.
!
Instruction Scope
SKILL.md instructs the agent to read conference program PDFs, export iCal files, perform 'real-time update with room changes' and 'notify' behavior, and references modules/classes that don't exist in the code. The instructions therefore grant the agent permission to read files (PDFs, venue maps) and potentially act on calendar exports, but the provided implementation only reads a JSON schedule file and writes JSON. The documentation's scope is broader than the code's behavior, which is a scope/instruction inconsistency.
Install Mechanism
There is no install spec; this is an instruction-only skill with one included Python script. No binaries, remote downloads, or archive extraction are specified, so there is no elevated install risk.
Credentials
The skill declares no required environment variables, no primary credential, and no config paths. The code likewise does not read environment variables or secrets. The lack of requested credentials is proportional to the actual (simple) implementation.
Persistence & Privilege
always is false and the skill does not request or modify other skills or system settings. Model invocation is allowed (default) but that is normal; there is no sign of persistent or privileged behavior in the package.
What to consider before installing
The skill's documentation promises many advanced features, but the bundled code only implements a simple JSON-based scheduler under a different module/file name. This is most likely an incomplete or mispackaged skill rather than obviously malicious, but you should proceed cautiously. Before installing or granting agent autonomy: 1) Ask the publisher for the correct source or a matching implementation (the SKILL.md references scripts/schedule_optimizer.py and ConferenceScheduler, but code provides scripts/main.py and ScheduleOptimizer). 2) Inspect and run the included script in a sandbox with a sample JSON schedule to confirm behavior (no network activity, no unexpected file reads). 3) If you need features advertised in SKILL.md (PDF parsing, iCal export, notifications), do not rely on this package until those features are actually implemented and reviewed. 4) Prefer publishers with a homepage/repo and a verifiable origin; avoid giving credentials or access to calendars until the code and docs align.

Like a lobster shell, security has layers — review code before you run it.

latestvk97ep7pteb05d5j1jakc839m7n8369te

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments