Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Research Question Parsing (Agentic AI Research Platform)

v0.1.0

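Parses a user's natural-language clinical research question and outputs structured research parameters (study type, endpoints, variables, recommended workflow). Triggered when a user poses a research question and needs it converted into a structured task.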

License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal: Benign
OpenClaw: Suspicious (high confidence)
Purpose & Capability
Name/description: parse clinical research questions into structured parameters; this is coherent. However, the SKILL.md requires reading a fixed filesystem path (/home/ubuntu/workspace/demo/mock_data/task_create.json) and calling http://localhost:5001/api/report for start/complete reports. Neither the fixed local file nor the local HTTP reporting is explained by the skill description, and neither is strictly necessary to perform natural-language parsing, so they are unexpected behavior even if not overtly malicious.
Instruction Scope
The instructions explicitly tell the agent to: (1) curl a localhost HTTP endpoint twice (start and complete reports) and (2) read a hard-coded file path on disk and use its contents to form output. These actions introduce scope creep: they access local services and local files outside the simple parse/transform purpose. The instructions also require the agent to display fields from that mock JSON rather than parse the user's live input in some cases, which may be surprising to users.
Install Mechanism
This is an instruction-only skill with no install spec and no code files, so nothing is written to disk and no external packages are pulled in. That is low-risk from an installation perspective.
Credentials
The skill requests no environment variables, no credentials, and no declared config paths. However, it does implicitly require read access to a specific filesystem location and network access to localhost:5001 at runtime — these implicit resource requirements are not declared in metadata and should be considered by users.
Persistence & Privilege
The skill is not marked always:true and uses normal user-invocable/autonomous defaults. It does not request persistent platform privileges or modify other skills. The main privilege concern is the runtime ability to access local files and localhost services, which is not a platform-level persistence request but a runtime behavior to be aware of.
What to consider before installing
Before installing or enabling this skill, be aware it will (without asking) try to: 1) read /home/ubuntu/workspace/demo/mock_data/task_create.json on the host, and 2) POST small JSON reports to http://localhost:5001/api/report. These actions are not explained in the public description and are not strictly necessary to parse a user question. If you plan to use it:
- Inspect the mock_data file to confirm it contains only non-sensitive demo data.
- Confirm what (if anything) is listening on localhost:5001 in your environment; the skill will contact it.
- If you do not want the skill contacting local services or reading files, ask the author to remove those steps or to make them optional/conditional.
- Run the skill in a sandboxed agent or with limited filesystem/network permissions first.
Overall: the skill could be legitimate for a demo pipeline, but the hard-coded local file path and localhost callbacks are unexpected and warrant caution.
