ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Simple CSC

v1.0.1

Use the simple-csc repository to perform Chinese Spelling Correction (CSC) and Chinese Character Error Correction (C2EC) using large language models in a tra...

1· 70·0 current·0 all-time
by@jacob-zhou
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description match the instructions. All requested actions (clone repo, install Python deps, download LLMs from HuggingFace, run scripts and an API server) are exactly what a CSC/C2EC toolkit would need.
Instruction Scope
SKILL.md restricts itself to repository-relative paths, model/dataset download and running provided scripts/APIs. It does not instruct reading unrelated system files or harvesting credentials. It does recommend setting MODELSCOPE_CACHE (optional) and shows how to run a local API server bound to 127.0.0.1.
Install Mechanism
This is an instruction-only skill (no install spec). The instructions clone a public GitHub repo and use pip for dependencies (including compiling native packages such as flash-attn). That is standard for ML projects; there are no opaque download URLs or archive extracts in the skill content itself.
Credentials
The skill declares no required environment variables or credentials. It optionally references MODELSCOPE_CACHE to change model mirror location and notes that models auto-download from HuggingFace. Network access to download models/datasets is expected for this purpose.
Persistence & Privilege
always is false and the skill is user-invocable. There is no instruction to modify other skills or system-wide agent configs. No elevated or persistent privileges are requested.
Assessment
This skill is a usage guide that expects you to clone and run the external simple-csc repository. Before installing or running anything: (1) review the GitHub repository (https://github.com/Jacob-Zhou/simple-csc) yourself — this skill only points to that code; (2) expect large model downloads (HuggingFace) and significant GPU/VRAM use; (3) pip-installing native libs (e.g., flash-attn) will compile code on your machine—review and build in a controlled environment if concerned; (4) the API server examples bind to localhost (127.0.0.1) which is safe for local use, but avoid exposing the server to the public internet without proper access controls; and (5) if you must use alternative model mirrors (MODELSCOPE_CACHE), ensure you trust the mirror source. Overall the instructions are coherent with the skill's purpose, but the real code and runtime behavior live in the external repository — inspect that repo before running.

Like a lobster shell, security has layers — review code before you run it.

latestvk97ap577dq3kafgbs703xprecx839pzq

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments