ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Presentation Hook

v1.0.0

Creates engaging opening statements and powerful closings for medical.

0· 39·0 current·0 all-time
byAIpoch@aipoch-ai
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Suspicious
medium confidence
Purpose & Capability
Name and description match the actual capability: the packaged Python class generates short opening/closing hooks for medical topics. No unrelated credentials or binaries are requested.
!
Instruction Scope
SKILL.md instructs users to run the packaged script with inputs, edit a CONFIG block, and use input/output paths; however, scripts/main.py contains a simple generator with a hard-coded main() and no CLI or file-read/write logic. The instructions therefore overstate the script's runtime behavior and grant the agent implied permissions (file I/O, configurable execution) that aren't implemented.
Install Mechanism
No install spec is provided (instruction-only packaging with a small helper script). Nothing is downloaded or extracted; risk from installation mechanism is low.
Credentials
The skill requests no environment variables, credentials, or config paths and the code does not access any secrets or external services. Requested access is proportionate to the stated purpose.
Persistence & Privilege
always is false and there is no code that modifies agent configuration or requests persistent presence. The skill does not request elevated privileges.
What to consider before installing
This package appears to be a small, local hook generator and does not contact external services or request credentials — that lowers risk. However, the documentation promises CLI parameters, configurable input/output handling, and file operations that the included script does not actually implement; this mismatch is likely sloppy packaging rather than malicious but you should verify before running. Recommended steps: (1) Inspect scripts/main.py (it is short and readable) and confirm it does only string construction (no network, no file writes). (2) If you need CLI or file I/O, modify the script yourself or ask the author for the intended implementation. (3) Run it in a sandbox or isolated environment first (python -m py_compile scripts/main.py; then run it) and avoid passing any protected health information (PHI) into the tool unless you confirm it handles PHI according to your policies. (4) If you plan to let an agent invoke this autonomously, be aware the SKILL.md claims more capabilities than present — ensure the agent won't attempt file operations the script can't handle.

Like a lobster shell, security has layers — review code before you run it.

latestvk97afxvbgrgbm9fsfnqnqccva183xr06

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments