Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Interview Mock Partner

v1.0.0

Simulates behavioral interview questions for medical professionals.

by AIpoch (@aipoch-ai)
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal: Benign
OpenClaw: Suspicious (medium confidence)
Purpose & Capability
Name/description match the included code's observable behavior: a simple Python class that returns canned behavioral interview questions for medical roles. However, the SKILL.md advertises additional capabilities (CLI parameters such as --position, --questions, --output and input validation) that are not implemented in scripts/main.py.
Instruction Scope
SKILL.md instructs parameterized invocation, file output, and mentions filesystem access and sandboxing expectations. The actual script simply prints a static JSON for a fixed position and does not parse CLI args, read input files, or write output files — this discrepancy gives the agent broad, unspecified behavior in the docs that isn't reflected in the code.
Install Mechanism
No install spec and no external packages required. The skill is instruction-only with one small Python script; nothing is downloaded or written to disk during installation by a package installer.
Credentials
No environment variables, credentials, or config paths are requested. The declared requirements are proportionate to the stated purpose.
Persistence & Privilege
Skill does not request always:true or other elevated persistence. It doesn't modify other skills or agent settings and has no autonomous privilege beyond the platform defaults.
What to consider before installing
The code is simple and doesn't request credentials or network access, so direct maliciousness is not evident — but the SKILL.md advertises CLI parameters, file I/O, and security checks that the provided script does not implement. Before installing or running: (1) ask the author to reconcile docs and code or provide an updated script that implements the advertised features; (2) run the script in an isolated/sandboxed environment to confirm actual behavior; (3) do not assume input validation or safe file handling exists just because the README lists them; (4) if you need the CLI/file features, request a version that accepts and validates parameters and documents exact file paths it will read/write. Because the mismatch could be sloppy engineering or an attempt to mislead, treat it with caution.

Like a lobster shell, security has layers — review code before you run it.
