SDS/MSDS Risk Scanner
v1.0.0
Extract hazard codes and safety info from chemical safety datasheets.
by AIpoch (@aipoch-ai)
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
high confidence
Purpose & Capability
Name/description match the included code: a small local parser that extracts H- and P-codes and produces a risk level. The SKILL.md and examples imply the script will accept an input SDS file (--sds) and produce outputs, but scripts/main.py currently only implements a --demo mode and does not read the --sds file. This is a functional mismatch (missing file I/O implementation) rather than an unexplained or malicious requirement.
Instruction Scope
SKILL.md guides the agent to validate inputs, run the packaged script, and read/write workspace files. Those instructions stay within the skill's stated purpose. However, the runtime instructions expect the script to process input files while the shipped script only prints demo output; the agent may be instructed to read/write files when the code does not implement that behavior. The instructions do not ask for unrelated system files, environment variables, or external endpoints.
Install Mechanism
No install spec; script is instruction-only with a small local Python file. No downloads, third-party installers, or archive extraction are present.
Credentials
No environment variables, credentials, or config paths are requested. This is proportionate to the described functionality.
Persistence & Privilege
Skill does not request always:true and does not modify system/other-skill config. It runs locally when invoked; autonomous invocation is allowed by default but not combined with any broad privileges here.
Assessment
This skill appears to be a small, local SDS text parser and is internally coherent and low-risk as packaged. However, the shipped script is effectively a demo: it implements --demo output but does not open or process an --sds input file despite the SKILL.md examples. Before relying on this skill:
1) Review/modify scripts/main.py to implement safe file reading if you intend to feed real SDS files (open files defensively, validate/sanitize paths to prevent ../ traversal).
2) Confirm there are no network calls added later and consider running the script in a sandboxed workspace when testing.
3) Add tests for edge cases and large files, and pin any future third-party dependencies.
4) If you plan to allow autonomous agent invocation, be comfortable that the agent may read/write workspace files per the instructions — restrict the workspace and run in a controlled environment.
Overall, there are no red flags for credential exfiltration or hidden endpoints, but the functional mismatch (demo-only behavior) should be fixed before production use.
