Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Journal Impact Factor Trend

v1.0.0

Show journal impact factor and quartile trends over 5 years.

by AIpoch (@aipoch-ai)
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal: Benign
OpenClaw: Suspicious (medium confidence)
Purpose & Capability
The name/description (5-year IF and quartile trends) aligns with the packaged script: scripts/main.py produces trend, quartile and a short analysis. However the implementation uses a small hardcoded mock JOURNAL_DB (three journals) rather than querying Journal Citation Reports or another live source. The SKILL.md implies more flexible outputs (e.g., output formats, configurable CONFIG block) that the script does not implement.
Instruction Scope
SKILL.md instructs running scripts/main.py and provides safe-workflow guidance (good). But there are mismatches: SKILL.md documents an --output parameter and mentions editing an in-file CONFIG block or output paths, yet scripts/main.py does not implement an --output flag or any CONFIG block. The script reads a user-supplied journal-list file path with no path-validation/sanitization (it will open any file path provided). While this is common, the instructions do not explicitly warn about validating input paths beyond checklist items, so there's a modest scope/safety gap to be aware of.
Install Mechanism
No install spec, no external packages required, and execution is local Python. This is low risk: nothing is downloaded or installed by the skill.
Credentials
The skill requests no environment variables, no credentials, and no config paths. That is proportionate to its actual behavior (local computation, reading an optional local file).
Persistence & Privilege
always is false and the skill does not request persistent or elevated privileges. It does not modify other skills or system configuration.
What to consider before installing
This package is mostly harmless and runs locally, but note three important points before installing or using it:

1) The script uses a tiny hardcoded mock database (Nature Medicine, Cell, NEJM). It does not fetch live Journal Citation Reports or other authoritative IF sources — if you expect live/complete coverage, this skill will not provide it.
2) The SKILL.md and example parameters mention options (e.g., --output, an in-file CONFIG block, output path controls) that the included script does not implement. Treat the documentation as partially out-of-sync with the code.
3) If you pass --journal-list <file>, the script will open that path directly with no additional sanitization. Only supply trusted file paths and run the script in a sandboxed workspace if you are concerned about reading arbitrary files.

If you need a skill that queries live JCR data or supports output formatting, ask the author for an implementation that documents and implements those features (and for clear handling of credentials or API access if required). Otherwise this appears to be a small local demo/tool rather than a production-quality data-fetching skill.

Like a lobster shell, security has layers — review code before you run it.
