ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Survival Analysis (KM)

v1.0.0

Generates Kaplan-Meier survival curves, calculates survival statistics (log-rank test, median survival time), and estimates hazard ratios for clinical and bi...

1· 379·0 current·0 all-time
byAIpoch@aipoch-ai
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Benign
medium confidence
Purpose & Capability
Name/description, SKILL.md, requirements.txt, sample data, and scripts/main.py all align with a survival-analysis tool. Declared dependencies (lifelines, pandas, numpy, matplotlib, seaborn) are appropriate and expected.
Instruction Scope
The SKILL.md instructs running the included Python script with a CSV input and writing outputs to a results directory — this matches the code. Minor inconsistencies in SKILL.md (parameter table flags: e.g., `--group` and `--risk-table` marked as required in the table while elsewhere optional) are documentation issues but do not indicate malicious intent. The doc requests input-path validation and restricting output to workspace, but the visible code performs only basic path existence and CSV validation; there is no explicit sanitization of output path nor explicit enforcement against `../` traversal in the shown code.
Install Mechanism
No install spec; skill is instruction-only and ships a requirements.txt for pip. This is standard for Python scripts and is low risk compared to downloading arbitrary binaries from unknown hosts.
Credentials
The skill requests no environment variables or credentials. Dependencies are reasonable for the stated purpose. There are no signs of unrelated credential access in the provided code.
Persistence & Privilege
always:false and no install hooks were provided. The skill does not request persistent/privileged presence or modification of other skill configs based on the supplied files.
Assessment
This package is coherent with its stated purpose and uses appropriate libraries. Before installing/using: (1) run the script in an isolated sandbox (non-production) with non-sensitive test data; (2) review the full scripts/main.py (the provided copy was truncated in the bundle you gave me) to confirm there are no network calls, hidden subprocess invocations, or filesystem accesses beyond the declared input/output; (3) pin dependency versions in requirements.txt to reduce supply-chain risk; (4) ensure the output directory and input paths are validated/sandboxed to avoid accidental path traversal or overwriting important files; and (5) if you will analyze real clinical data, get a biostatistician to review results and ensure you meet privacy/regulatory requirements.

Like a lobster shell, security has layers — review code before you run it.

Data-analysisvk972d2dqby91cpyhsvabpgypm582026qSurvival analysisvk972d2dqby91cpyhsvabpgypm582026qlatestvk972d2dqby91cpyhsvabpgypm582026q

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments