Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Parenting Growth Partner
v1.0.0AI companion offering evidence-based child development assessments, positive parenting guidance, age-appropriate activities, behavior analysis, and routine s...
⭐ 0· 64·0 current·0 all-time
byhaidong@harrylabsj
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious
medium confidencePurpose & Capability
Name, description, SKILL.md, and the Python modules all align with an offline parenting guidance tool: milestone tracking, activities, communication, behavior analysis and routines. The data files and engine modules implement the stated features and requested capabilities are reasonable for this purpose.
Instruction Scope
SKILL.md instructs use of the local Python handler and describes inputs/outputs; the runtime instructions stay within the stated domain and do not ask the agent to read unrelated system files or call external endpoints. However, the handler's built-in self-test block contains many malformed print string literals (embedded unescaped newlines inside single-quoted strings) that will cause SyntaxError when run as-is — this is a functional/coherence problem (not a security exfiltration signal) that prevents straightforward execution of the provided handler.
Install Mechanism
There is no install spec and no external downloads; code is instruction-only plus local Python files. This is low risk from an installation/execution origin perspective. Minor inconsistency: package.json is present (Node-style) despite the runtime being Python; this is a packaging/metadata mismatch but not an installation red flag.
Credentials
The skill requests no environment variables, credentials, or config paths. Its functionality is implemented with local data files and in-memory processing, so there are no disproportionate secret or credential requests. Note: the skill will process sensitive user-provided child profile data in memory — consider privacy implications even though no external transmission is present.
Persistence & Privilege
Skill does not request always:true or elevated persistence. It does not modify other skills or system configuration. There is no autonomous privilege escalation indicated beyond normal model invocation.
What to consider before installing
This skill is conceptually coherent for parenting guidance and does not request credentials or attempt network access, but exercise caution before installing/using:
- The included Python code contains likely syntax/formatting errors in the self-test blocks (malformed print strings) so the handler may not run until fixed; test locally in a sandbox and run the test scripts to verify behavior.
- The repository/homepage is unknown; if you plan to use it with real child data, verify the source/maintainer and review code for any future changes that might add network calls or telemetry.
- Although the skill doesn't persist or send data externally as written, it will process sensitive child/person data in memory — avoid entering identifiable data until you confirm where logs or outputs go in your environment.
- If you are not comfortable auditing/fixing the broken test prints, ask the developer for a fixed release or a link to a reputable source repository before use.
If you want, I can point out the exact lines with the malformed prints and suggest a corrected version so the skill runs cleanly.Like a lobster shell, security has layers — review code before you run it.
latestvk97c0709500bqkrf7h8a5jvrd584bzd5
License
MIT-0
Free to use, modify, and redistribute. No attribution required.