ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Post-doc Fellowship Matcher

v1.0.0

Filter and match postdoctoral fellowship opportunities based on applicant nationality, years since PhD, and research field from a curated database.

0· 35·0 current·0 all-time
byAIpoch@aipoch-ai
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Suspicious
high confidence
!
Purpose & Capability
The skill claims to normalize free-text research fields and return ranked matches from a curated database (SKILL.md + references/fellowships.md). The included script (scripts/main.py) accepts a field parameter but does not use it for filtering or normalization; it only filters by nationality and years. The SKILL.md and references list more fellowships and different eligibility rules (e.g., Marie Curie, Schmidt Science Fellows, and specific eligibility text) than the small FELLOWSHIPS list embedded in the code. These mismatches mean the implemented capability is materially weaker than advertised.
!
Instruction Scope
Runtime instructions are narrowly scoped and safe to run (compile and run the script), and SKILL.md points to references/fellowships.md as the database. However, the instructions imply behavior (field normalization, using the full database, match rationale) that the code does not implement. The mismatch between documented workflow and actual runtime behavior is the main scope concern.
Install Mechanism
No install spec or external downloads; the skill is instruction-only with a small local Python script and local reference file. No third-party packages or network installs are requested.
Credentials
The skill requests no environment variables, no credentials, and references only local files. There is no indication of unnecessary credential or environment access.
Persistence & Privilege
The skill does not request persistent/always-on presence, does not modify other skills or agent-wide settings, and uses only local files. No elevated privileges are requested.
What to consider before installing
This skill is not malicious, but it is inconsistent: SKILL.md promises field normalization and a richer curated database, while scripts/main.py ignores the 'field' parameter and uses a small hard-coded fellowship list with different eligibility details. Before installing or relying on results, consider: (1) Do not use this output as authoritative — verify eligibility and deadlines on official sites. (2) If you expect field-based matching, inspect or update scripts/main.py to implement normalization and to load references/fellowships.md (or confirm why it was omitted). (3) Note small inconsistencies in eligibility (e.g., NIH years and NSF nationality differ between code and references); ask the author for clarification or fix the code. If you lack the ability to review/patch the code, treat outputs as a very rough filter only.

Like a lobster shell, security has layers — review code before you run it.

latestvk97e0trn383fh3x9m62njxnyfs83wnwn

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments