ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Standards Compliance Checker

v2.1.0

Check data compliance with construction standards. Validate data against ISO 19650, IFC, COBie, UniFormat standards.

0· 1.5k·2 current·2 all-time
by@datadrivenconstruction
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Benign
medium confidence
Purpose & Capability
Name/description (standards compliance for ISO 19650, IFC, COBie, UniFormat) match the declared requirements: it needs python3 (to run the example code) and the claw.json lists filesystem permission which is consistent with accepting file paths and local project data.
Instruction Scope
instructions.md and SKILL.md focus on gathering user-provided data, validating it with rule sets, and returning structured results. The SKILL.md includes example Python code for rule checking. The instructions explicitly say to only use data provided by the user, but the skill is granted filesystem permission — ensure the agent will only read files the user supplies and not arbitrary system files. The provided SKILL.md was truncated in the package listing, so full runtime instructions could contain additional behavior not visible here.
Install Mechanism
There is no install specification (instruction-only), so no archives or third-party packages are downloaded. This is the lowest install risk; requiring python3 is reasonable for the provided example code.
Credentials
The skill requests no environment variables or credentials. That aligns with a local data validation tool. No external service keys are required according to the manifest and instruction files.
Persistence & Privilege
always is false and the skill is user-invocable (normal). The claw.json lists the 'filesystem' permission which gives it potential to read files; this is proportionate for a data-validation skill that accepts file paths, but you should confirm the runtime enforces that only user-specified files are read and that the skill will not persist or exfiltrate data.
Assessment
This skill looks coherent for validating construction data: it needs python3 and can read local files to validate against rules. Before installing or running it: (1) Review the full SKILL.md/instructions for any network calls or endpoints (the provided SKILL.md in the listing was truncated); (2) Only supply project files you are comfortable sharing and avoid giving system or credential files as input; (3) Because the manifest grants filesystem access, run the skill in a sandbox or with least privilege (limit which directories it can read) if possible; (4) If you need to validate sensitive data, prefer running the example Python code locally under your own control rather than letting the agent autonomously access files. If you want higher assurance, ask the publisher for the full source files or a signed release from the homepage before trusting it with production data.

Like a lobster shell, security has layers — review code before you run it.

latestvk976vggzcd3a9d4emy510fqyjx816f27

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

📐 Clawdis
OSmacOS · Linux · Windows
Binspython3

Comments