Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Resubmission Deadline Tracker

v1.0.0

Track manuscript resubmission deadlines and automatically generate phase-appropriate task breakdowns for academic researchers based on remaining time.

by AIpoch @aipoch-ai
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal: Pending
OpenClaw: Suspicious (medium confidence)
Purpose & Capability
The name/description match the included assets: a local Python script, data files, and templates for generating resubmission task schedules. That purpose would legitimately need local JSON storage and task templates. However, references include templates for grant revisions and conference papers (outside the stated manuscript-only scope), which is unexpected but not necessarily malicious.
Instruction Scope
SKILL.md restricts the skill to local tracking and explicitly forbids syncing with journal systems or sending automated reminders. The included SKILL.md instructs running scripts/main.py locally and expects only local file I/O. But the SKILL.md's urgency boundary definitions (Standard / Urgent / Emergency with 3–14 days as 'Urgent') do not match how the included script defines urgency levels (RELAXED, STANDARD, ACTIVE, URGENT, EMERGENCY, OVERDUE with different day bands such as URGENT = 3–7 days and ACTIVE = 7–14 days). This mismatch means the runtime behavior may differ from the documentation; a user relying on the doc could get a different mode than expected. Also the SKILL.md default timezone (Asia/Shanghai) is implemented in the code, which is consistent, but the discrepancy in urgency logic is a material behavioral inconsistency.
Install Mechanism
This is an instruction-only skill with no install spec and only a local Python script and data files. No network downloads or third-party installers are specified, which is low risk from an install-mechanism perspective.
Credentials
The skill declares no required environment variables, no external credentials, and no special config paths. The code appears to read/write local JSON files in the skill's data directory — proportionate to its purpose.
Persistence & Privilege
The skill does not request always:true and does not request persistent system privileges. It creates and uses its own data directory (data/) which is expected for a local tracker. Nothing indicates it alters other skills or global agent settings.
What to consider before installing
What to check before using/installing:
1) Inspect the full scripts/main.py (the provided snippet is truncated) to confirm there are no network calls, telemetry, or hidden endpoints that would exfiltrate data.
2) Because SKILL.md and the script disagree on urgency boundaries (SKILL.md says 3–14 days = Urgent; the script uses finer-grained bands such as 3–7 days for URGENT and 7–14 for ACTIVE), decide which behavior you want and either update the documentation or the code.
3) The requirements.txt lists standard-library modules (dataclasses, enum) — harmless but unnecessary; consider cleaning it.
4) Confirm that storing deadlines in data/deadlines.json is acceptable for your operational environment (it holds manuscript titles/journals and could be sensitive).
5) Run python -m py_compile scripts/main.py and manually run the script in a safe environment to observe I/O and confirm no unexpected network activity.
If you cannot review the complete main.py or if the skill will run where sensitive manuscript data is stored, avoid installing until a code review verifies there is no external communication or credential access.

Like a lobster shell, security has layers — review code before you run it.
