ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Data Model Designer

v2.1.0

Design data models for construction projects. Create entity-relationship diagrams, define schemas, and generate database structures.

0· 4.2k·34 current·39 all-time
by@datadrivenconstruction
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Benign
medium confidence
Purpose & Capability
Name/description align with the provided artifacts: the skill is instruction-only, includes Python-based model-generation code and guidance to accept project data and export schemas. Requiring python3 and filesystem access is consistent with reading input files (CSV/Excel/JSON) and exporting results.
Instruction Scope
SKILL.md and instructions.md focus on taking user-provided data, validating it, generating ERD/JSON/SQL outputs, and offering exports. They explicitly constrain processing to user-provided inputs. However the provided SKILL.md content in the package preview is truncated, so I cannot confirm there are no later instructions that perform unrelated actions (network calls, reading arbitrary system paths, or accessing environment variables).
Install Mechanism
Instruction-only skill with no install spec and no included executables — lowest-risk install model. It relies on an existing python3 binary which is reasonable for the code snippets included.
Credentials
The skill declares no required environment variables or credentials. claw.json requests filesystem permission which is proportionate for asking to read user-supplied files and write exports, but filesystem access is broad — it would allow reading any file the agent can access, so the user should ensure the agent is run with appropriate sandboxing and only provide files the skill should process.
Persistence & Privilege
The skill is not always-enabled and does not request persistence or modification of other skills. Autonomous invocation is allowed by platform default (disable-model-invocation:false) which is expected; there is no evidence the skill elevates privileges or modifies agent-wide configuration.
Assessment
This skill appears to do what it says: it uses Python code to generate ER diagrams, JSON schemas, and SQL from user-provided construction project data. Before installing, review the full SKILL.md (the preview here is truncated) to confirm there are no hidden network calls or instructions to read system files or environment variables. Be aware the package requests filesystem permission — only provide input files you intend the skill to access and run the agent in a sandboxed environment if you have sensitive files on the host. If you need higher assurance, request the complete SKILL.md and any example inputs/outputs, or run the skill in an isolated VM/container first.

Like a lobster shell, security has layers — review code before you run it.

latestvk972ygk97eb1k756sx8byjaej9816p66

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

📐 Clawdis
OSmacOS · Linux · Windows
Binspython3

Comments