ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Journal Matchmaker

v1.0.0

Recommend suitable high-impact factor or domain-specific journals for manuscript submission based on abstract content. Trigger when user provides paper abstr...

0· 337·0 current·0 all-time
byAIpoch@aipoch-ai
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name and description match the included files: SKILL.md documents running scripts/main.py and the repository contains a local journal database and field definitions used for matching. There are no unexpected credentials, binaries, or third-party services required.
Instruction Scope
SKILL.md instructs the agent/user to run the bundled Python script with an abstract and optional filters. The instructions and the code (shown imports and local JSON references) operate on local files (references/*.json) and do keyword/TF-IDF matching; I saw no instructions to read unrelated system files, environment variables, or to send data to external endpoints.
Install Mechanism
No install spec is provided (instruction-only with a bundled script). Dependencies are minimal (requirements.txt contains only 'dataclasses'). Nothing is downloaded or extracted at install time, so there is no high-risk install mechanism.
Credentials
The skill declares no required environment variables, credentials, or config paths. The code imports only standard libraries and reads local JSON reference files; there are no requests for unrelated secrets or access to external accounts.
Persistence & Privilege
always is false (skill is not force-included). The skill does not request persistent system privileges or modify other skills' configuration. Its filesystem access is limited to reading/writing workspace files (per SKILL.md) and local references.
Assessment
This skill appears coherent and limited to local processing of abstracts using the provided journal database. Before installing or running it: (1) Review the bundled references/journals.json if you rely on accurate impact factors (they can be stale); (2) Avoid passing sensitive or unpublished full manuscripts to any third-party runtime; run the script in an isolated/sandboxed workspace if you want extra safety; (3) If you allow passing filenames as --abstract, ensure the script treats them safely (SKILL.md mentions input validation — confirm the implementation prevents ../ path traversal when using file inputs); (4) Treat its recommendations as advisory (not authoritative) and double-check journal scope/IF via official sources before submission.

Like a lobster shell, security has layers — review code before you run it.

Journalvk9776fh9jp53avegb4vgk64fcd821smgPublicationvk9776fh9jp53avegb4vgk64fcd821smglatestvk9776fh9jp53avegb4vgk64fcd821smg

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments