ClawHub

Survival Analysis (KM)

Security checks across malware telemetry and agentic risk

Overview

This appears to be a local survival-analysis tool with no evidence of hidden or malicious behavior, but users should handle clinical data and Python dependencies carefully.

This skill looks coherent for local Kaplan-Meier survival analysis. Before installing or running it, use a dedicated Python environment, consider pinning dependency versions, and make sure any clinical input data and generated reports are stored only in approved locations.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal

Risk analysis

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

#
ASI04: Agentic Supply Chain Vulnerabilities
Low
What this means

Installing later package versions could change behavior or inherit upstream package risk.

Why it was flagged

The skill depends on third-party Python packages without version pins. This is common and purpose-aligned for a scientific analysis script, but it leaves exact package versions to the install environment.

Skill content
lifelines
matplotlib
numpy
pandas
seaborn
Recommendation

Install in a dedicated Python environment and consider pinning known-good package versions for reproducible clinical analyses.

#
ASI02: Tool Misuse and Exploitation
Info
What this means

The tool can read the selected input file and create or overwrite expected result files in the selected output location.

Why it was flagged

The script reads a user-specified CSV and writes results to a user-specified output directory. This is necessary for the tool's purpose, but it means the user or agent controls local file paths.

Skill content
parser.add_argument('--input', '-i', required=True, help='Input CSV file path')
parser.add_argument('--output', '-o', required=True, help='Output directory for results')
Recommendation

Use explicit, project-specific input and output paths, and avoid pointing the output directory at locations containing important files.

#
ASI06: Memory and Context Poisoning
Low
What this means

Generated plots, CSV summaries, and reports may reveal information derived from clinical datasets.

Why it was flagged

The documented use case includes clinical survival datasets, which may contain sensitive patient or study data. The outputs are local analysis artifacts rather than agent memory or network sharing, but users should still treat them as sensitive.

Skill content
clinical and biological survival data analysis
Recommendation

Use de-identified datasets where possible and store generated outputs only in approved project locations.