ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Personal Statement

v1.0.0

Use when writing medical school personal statements, residency application essays, fellowship statements, or graduate school admissions essays. Crafts compel...

0· 32·0 current·0 all-time
byAIpoch@aipoch-ai
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Suspicious
high confidence
Purpose & Capability
The stated purpose (medical-personal-statement writing) matches the general content of the SKILL.md and the included script, but SKILL.md describes a richer API (e.g., scripts.personal_statement_writer.PersonalStatementWriter and multiple helper methods) and configuration blocks that do not exist in the repository. The single provided file (scripts/main.py) is a minimal generator stub, so the implementation is incomplete compared with the advertised capabilities.
Instruction Scope
Runtime instructions are limited to validating and running scripts/main.py (python -m py_compile and python scripts/main.py). The instructions do not request files, environment variables, or network access beyond running the packaged script. However, the SKILL.md suggests editing an in-file CONFIG block and using APIs/methods that aren't present — this is scope/instruction mismatch rather than an outright malicious instruction.
Install Mechanism
No install spec is provided (instruction-only with an included script). Nothing will be downloaded or written by an installer; risk from install mechanism is minimal.
Credentials
The skill declares no required environment variables, credentials, or config paths and the code does not access environment variables or external secrets. The requested privileges are proportional to its stated purpose.
Persistence & Privilege
The skill does not request persistent presence (always:false) and has no install-time hooks or requests to modify other skills or system configuration.
What to consider before installing
This package appears safe to run (no network calls, no secrets requested), but it is inconsistent: SKILL.md advertises a full PersonalStatementWriter API and config options that are not present in the code — the repository contains only a small stub. Before installing or relying on it, inspect scripts/main.py yourself, run python -m py_compile scripts/main.py in an isolated environment, and test the script with non-sensitive sample input. Do not provide any real personal identifiers (SSN, DOB, transcripts) to the skill until the implementation and data handling are clarified. If you need the richer features described in the docs, request the author or vendor for the missing modules or a corrected package; absence of an author/homepage increases the risk that this is incomplete or a placeholder.

Like a lobster shell, security has layers — review code before you run it.

latestvk973mg8q6ktp1ckq2hrk13hrw583w5gm

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments