ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Guitar Chord

v1.0.2

Guitar chord toolkit with chord identification, chord diagrams, capo calculation, and more. Features: - Identify chord from notes (reverse lookup) - Look up...

0· 339·2 current·2 all-time
byDeAnti-@deantiwang
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Suspicious
medium confidence
Purpose & Capability
Name/description (guitar chord toolkit) aligns with the provided code and SKILL.md: the Python script implements forward/reverse lookup, scales, inversions, and diagram support. However the script attempts to call an external ascii_chord tool via 'cargo run' in ~/workspace/ascii_chord to produce diagrams; SKILL.md does not document this dependency or the requirement for cargo/a local project, so there's a proportionality/documentation mismatch.
!
Instruction Scope
SKILL.md instructs the agent to run the included python script (expected). The script, however, accesses the user's home directory (os.path.expanduser('~') → ~/workspace/ascii_chord) and runs subprocess.run(['cargo','run','--','get',chord_name], cwd=cwd), executing code found in that local directory if present. SKILL.md does not disclose this filesystem access or the execution of a separate tool. The script also contains coding errors/unreachable blocks (e.g., a return in normalize_note followed by code that will never run), indicating sloppy implementation that may cause unexpected behavior.
Install Mechanism
No install spec — instruction-only skill with a bundled script. That is low-risk relative to download-and-extract installs. The only install-like behavior is reliance on an external tool (cargo) which is not declared.
Credentials
The skill declares no env vars or credentials (good). The script reads the user's home path and attempts to run a local program under ~/workspace/ascii_chord. Accessing the home directory for a local diagram tool is plausible for diagram support, but it should be documented; running code from a hardcoded user path without explicit permission is disproportionate to the stated simple chord lookup capability.
Persistence & Privilege
No elevated privileges requested, always:false, and no persistent modifications are declared. The skill does not request to be always-enabled nor modify other skills or system-wide config.
What to consider before installing
This skill appears to implement the advertised chord features, but exercise caution before running it as-is. The bundled script will attempt to execute 'cargo run' in ~/workspace/ascii_chord to produce ASCII diagrams — that runs code from that local directory (if present) and requires Rust/Cargo to be installed, yet the README/SKILL.md doesn't mention this dependency. Recommendations: - Inspect the full script (already included) and remove or sandbox the get_ascii_chord call if you don't want any subprocess builds/executables run. - If you need diagrams, install and review the ascii_chord project in a controlled location you trust, or modify the script to call a packaged binary you vet. - Be aware the script has identifiable bugs/unreachable code; test in an isolated environment before giving it broad use. If you want to proceed, ask the author to document the cargo/local-project requirement or provide a pure-Python diagram fallback.

Like a lobster shell, security has layers — review code before you run it.

latestvk977tas02dhbrp9gzsdnhttwzn831qsf
339downloads
0stars
3versions
Updated 12m ago
v1.0.2
MIT-0
DeAnti-@deantiwang
latest
Download

Guitar Chord Tool

1. Forward Lookup (Chord Name → Notes)

python3 chord_identifier.py <chord_name>

Example:

python3 chord_identifier.py Cmaj7
→ **Cmaj7**
  Notes: C, E, G, B

2. With Chord Diagram

python3 chord_identifier.py <chord_name> --diagram

3. Reverse Lookup (Notes → Chord Name)

python3 chord_identifier.py --identify <note1> [note2] ...

Example:

python3 chord_identifier.py --identify C E G B
→ Result:
  • Cmaj7

4. Chord Inversions

python3 chord_identifier.py --inversion <chord_name>

Example:

python3 chord_identifier.py --inversion C7
→ **C7** inversions:
  Root: C, E, G, A#
  1st: E, G, A#, C
  2nd: G, A#, C, E
  3rd: A#, C, E, G

5. Drop2 Voicings

python3 chord_identifier.py --drop2 <chord_name>

Drop2 是一种常见的吉他扩展和弦 voicing:把七和弦的第二高音(纯五度)降一个八度,产生更"开阔"的音色。

Example:

python3 chord_identifier.py --drop2 Cmaj7
→ **Cmaj7 大七** Drop2 Voicings:
  原位: C, E, G, B
  Drop2: C, G, B, E
  
  常见 Guitar Voicings:
  Root pos.: X-3-2-1-1-0 → C,G,B,E
  1st inv.: X-X-0-2-1-0 → E,C,G,B
  ...

6. Scale Lookup

python3 chord_identifier.py --scale "<scale>"
python3 chord_identifier.py --scale "<scale>" --diagram

Supported scales:

  • major, minor, harmonic_minor, melodic_minor
  • pentatonic_major, pentatonic_minor, blues
  • dorian, phrygian, lydian, mixolydian, locrian

Example:

python3 chord_identifier.py --scale "C major"
→ **C Major**
  Scale: C, D, E, F, G, A, B

7. Capo Calculator

Formula: Actual Pitch = Open Chord Pitch + Capo Fret

Quick Reference:

Chord1st2nd3rd4th
CC#/DbDD#/EbE
GG#/AbAA#/BbC
AmA#/BbBCC#/Db

Supported Chord Types

  • Triads: major, minor, diminished, augmented, sus2, sus4
  • Sevenths: maj7, 7, m7, m7b5, dim7, aug7, maj7#5, 7#5, 7b5, mMaj7
  • Ninths: maj9, 9, m9

Note Formats

Supports:

  • Natural: C, D, E, F, G, A, B
  • Sharps: C#, D#, F#, G#, A#
  • Flats: Db, Eb, Gb, Ab, Bb
  • Symbols: ♯ (sharp), ♭ (flat)
  • Case insensitive

Comments

Loading comments...