Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Semantic Consistency Auditor
v1.0.0
Use semantic consistency auditor for academic writing workflows that need structured execution, explicit assumptions, and clear output boundaries.
by AIpoch (@aipoch-ai)
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious
medium confidence
Purpose & Capability
The skill name and some SKILL.md language claim 'academic writing workflows', but the Overview and the code explicitly target evaluation of AI-generated clinical notes against expert gold standards. This mismatch (academic vs clinical/medical) is a material incoherence: a user installing this for generic academic writing may not expect clinical-focused thresholds, defaults, or any data-handling assumptions. The required artifacts (bert_score, comet, torch) are consistent with a semantic-evaluation tool, but the domain mismatch should be clarified.
Instruction Scope
SKILL.md instructs running scripts/main.py and editing a local config under ~/.openclaw/skills/semantic-consistency-auditor/config.yaml; the instructions do not request unrelated system files or credentials. However the code is intended to load models at runtime and process free-text clinical records — so the operational scope includes network model downloads and in-memory processing of potentially sensitive PHI. The runtime instructions are otherwise bounded and audit-oriented (py_compile, --help).
Install Mechanism
There is no automated install spec (instruction-only), which reduces surface risk. The README/requirements direct pip installs (bertscore, comet-ml, transformers, torch). The code uses comet.download_model/load_from_checkpoint (will fetch model files from the network). No unusual URLs or shorteners are present in provided files, but runtime model downloads mean the tool will contact external hosts to fetch model artifacts.
Credentials
The skill declares no required environment variables, credentials, or special config paths beyond a per-skill config file under ~/.openclaw/skills/semantic-consistency-auditor/config.yaml. This is proportionate. However the tool is designed to process clinical text (PHI); the absence of access controls or explicit guidance about handling sensitive data is a privacy concern to weigh before use.
Persistence & Privilege
The skill is not always-enabled, does not request elevated privileges, and does not declare modifications to other skills or system-wide settings. It appears to be a standard, on-demand skill with no special persistence flags.
What to consider before installing
This skill appears to implement a semantic-evaluation tool, but there are two important cautions:
(1) Domain mismatch: SKILL.md sometimes frames the tool as for academic writing while the code and examples reference clinical notes; clarify intended domain and thresholds before relying on results.
(2) Privacy and network activity: the script will attempt to import/initialize BERTScore and COMET and will download model artifacts at runtime (network access). Don’t run it on sensitive patient data (PHI) without ensuring compliance and isolation.
Recommended next steps before installing or running: inspect the full scripts/main.py (the provided snippet was truncated here), run python -m py_compile scripts/main.py in an isolated virtualenv, pin dependency versions, restrict outbound network access if you want to avoid automatic model downloads, and test with non-sensitive sample data. If you need higher assurance, ask the author for a clear statement of intended domain (academic vs clinical), the full source, and an audit of network endpoints used for model downloads.
Like a lobster shell, security has layers: review code before you run it.
