Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

BMS CAN Analyzer

v1.0.0

Parse automotive BMS BLF CAN logs with DBC files to extract time series data for specified signals in CSV, JSON, or text formats.

License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal: Benign
OpenClaw: Suspicious (medium confidence)
Purpose & Capability
Name/description align with the code. Provided modules (dbc_utils.py, parse_blf_signal.py, visualize_signal.py) implement DBC loading, BLF parsing, signal extraction, output formatting, and plotting — all appropriate for a BMS CAN analyzer.
Instruction Scope [!]
SKILL.md describes a CLI named 'bms-can-analyzer' and states that the skill will "automatically install these dependencies if not present." The packaged files provide Python scripts (parse_blf_signal.py, visualize_signal.py) but no wrapper or entry point named 'bms-can-analyzer' and no code that performs automatic installation. This mismatch is scope/integration drift: the instructions claim behaviors (auto-install, a named CLI) that the code does not implement.
Install Mechanism [!]
The skill is instruction-only in registry terms (no install spec). SKILL.md promises automatic installation of Python dependencies (python-can, cantools, blf) but there is no install specification or script in the bundle that performs installs. That inconsistency could lead to surprises during installation/runtime (the agent or user would need to install dependencies manually).
Credentials
No environment variables, credentials, or config paths are requested. The code does not read environment variables or access unrelated system paths; it only reads user-supplied BLF/DBC files and writes local outputs. The requested privileges are proportional to the stated purpose.
Persistence & Privilege
Skill does not request persistent presence (always: false), does not modify other skills or system-wide settings, and contains no autonomous-install or self-enabling behavior in the provided files.
What to consider before installing
This skill's code appears to do what it says (parse BLF files with a DBC and produce outputs/plots), but there are notable mismatches in the documentation: SKILL.md promises an automatic installer and a 'bms-can-analyzer' CLI that are not present in the bundle. Before installing or running: (1) verify and install the required Python packages (python-can, cantools, blf, matplotlib, pandas) from trusted package sources; (2) run the provided scripts directly (parse_blf_signal.py and visualize_signal.py) or create a proper entry point if you need a single CLI; (3) run in a controlled environment or sandbox when processing untrusted BLF files since they are binary logs; (4) if you expect automatic dependency installation from the skill, treat that claim as unreliable and confirm how the agent/runtime will handle dependency installation. If you need the convenience of a single CLI or automatic installs, request an updated package or install spec from the maintainer.
