ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Meta-Analysis Forest Plotter

v1.0.0

Use when creating forest plots for meta-analyses, visualizing effect sizes across studies, or generating publication-ready meta-analysis figures. Produces hi...

0· 41·0 current·0 all-time
byAIpoch@aipoch-ai
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Suspicious
medium confidence
Purpose & Capability
The declared purpose (generate publication-ready forest plots and meta-analysis stats) matches the included code and listed Python dependencies (numpy, scipy, matplotlib, pandas). The code shows meta-analysis calculations and plotting functionality, which is coherent with the description.
!
Instruction Scope
The SKILL.md examples import scripts.forest_plotter and call scripts/forest_plotter.py on the CLI, but the repository contains scripts/main.py (no scripts/forest_plotter.py). SKILL.md also references resources (references/forest-plot-styles.md, examples/sample-plots/) that are not present in the manifest. These mismatches mean the provided runtime instructions may fail or behave differently than documented. The instructions do legitimately require reading input CSV/JSON files and writing plot files; that file I/O is expected for the tool but the mismatched paths increase risk of unexpected behavior.
Install Mechanism
There is no install spec (instruction-only install) and no remote downloads; risk from installation mechanisms is low. The included requirements.txt lists standard scientific Python packages consistent with the task.
Credentials
The skill requests no environment variables or credentials and has no config path requirements. The declared needs are proportionate for a local plotting tool.
Persistence & Privilege
always is false and there is no indication the skill requests permanent agent privileges or edits other skills. The agent-invocation defaults are unchanged.
What to consider before installing
This package looks like a legitimate forest-plot tool, but the SKILL.md and file manifest are inconsistent. Before installing or enabling it: 1) Inspect the full scripts/main.py (the file is large and was truncated in the manifest) to confirm there are no network calls, secrets exfiltration, or unexpected filesystem access. 2) Note that examples/imports refer to scripts/forest_plotter.py and to 'references/' and 'examples/' directories that are not included—this will likely cause runtime errors; correct import paths or rename files before use. 3) Run it in a sandboxed environment (or a virtualenv) and install dependencies from requirements.txt to verify behavior on sample data. 4) If you plan to let an agent invoke this skill autonomously, be aware it will read input CSV/JSON files and write plot files on disk; confirm that's acceptable. If you need higher assurance, ask the author for a complete, consistent package (matching filenames and including referenced resources) or request provenance/source (homepage, repo) before use.

Like a lobster shell, security has layers — review code before you run it.

latestvk970dwefg07me97w7c22gckcmd83qnxa

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments