Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

GEDCOM Explorer

Generate an interactive family tree dashboard from any GEDCOM (.ged) file. Creates a single-file HTML app with 5 tabs (Dashboard, Family Tree, People, Timeline, Daily Alerts), search, person modals, charts, and "On This Day" events. Use when asked to visualize genealogy data, explore family history, build a family tree viewer, or work with GEDCOM files. Triggers on "family tree", "genealogy", "GEDCOM", "ancestors", "family explorer", "family history dashboard".

MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal
Suspicious
OpenClaw
Suspicious
medium confidence
Purpose & Capability
Name, description, SKILL.md, and the included script all align: parsing GEDCOM files and producing a self-contained HTML viewer is consistent with the files and runtime instructions. No unrelated binaries, env vars, or config paths are requested.
Instruction Scope
SKILL.md only instructs running the provided script on a local .ged file and optionally serving the resulting HTML locally. However: (1) SKILL.md contains a note about sending notifications via Telegram for cron integration (external endpoints) which is not explained or required and could imply optional network integration, and (2) the provided script was truncated in the package listing so I could not review the entire code to confirm there are no network calls, telemetry, subprocess invocations, or other out-of-scope file accesses. The presence of unicode-control-chars in SKILL.md also suggests a potential prompt-injection attempt to influence an agent's behavior.
Install Mechanism
No install spec is present (instruction-only with a bundled script). That is low risk compared to remote downloads. The script is executed locally; nothing in the manifest indicates it will fetch remote archives during install.
Credentials
The skill declares no required environment variables, no primary credential, and no config paths. This is proportionate to the stated purpose of local file parsing and HTML generation. Still verify the full script does not read additional env vars at runtime (the truncated file prevents perfect verification).
Persistence & Privilege
always:false and no install-time modifications are declared. The skill does not request permanent/platform-wide privileges. Autonomous invocation is allowed by default (disable-model-invocation:false) which is normal; combine this with other concerns if you permit wide agent autonomy.
Scan Findings in Context
[unicode-control-chars] unexpected: SKILL.md contains unicode control characters flagged by the pre-scan. These are not required for a GEDCOM parser and can be used to perform prompt-injection or to obscure text. Treat this as suspicious; inspect the raw file bytes to identify and remove hidden control characters before trusting the skill.
What to consider before installing
What to consider before installing or running this skill:

  • Source verification: The homepage/source is unknown. Prefer skills with a known author and repository. Ask the publisher for a public repo or release tarball so you can audit the full code.
  • Inspect the full script: The provided build_explorer.py was truncated in the package listing. Before running, open the entire file and search for any network or subprocess activity (look for imports or strings: requests, urllib, http, socket, subprocess, os.system, popen, ftplib, smtplib, telnet, ssh, eval, exec). If you see any outbound endpoints (URLs, IPs) or hidden obfuscated strings, do not run it until you understand them.
  • Remove/inspect hidden characters: The pre-scan found unicode-control-chars in SKILL.md. View the file in a hex editor or use a utility to show non-printable characters and remove them if they are not intended.
  • Run in isolation: If you choose to run the script, do so on a disposable VM or sandbox with no sensitive network access and with a test GEDCOM file first. Verify the produced HTML contains no calls to remote resources (open it while offline) and that no unexpected outbound connections occur while generating the file.
  • Privacy: GEDCOM files contain personal data. Be aware the tool embeds all data into a single HTML file — treat that file like the original GEDCOM with respect to privacy and sharing.
  • Cron/notification note: SKILL.md mentions Telegram/cron integration as an extension. Do not enable or wire any notification integrations until you review the implementation and approve the destination endpoints and credentials.

If you can provide the complete build_explorer.py (full file) or a public repository URL, I can re-evaluate and raise the confidence level.
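The two file-inspection checks listed above (hidden characters in SKILL.md, risky imports and calls in build_explorer.py) can be scripted before anything is executed. This is an added example, not part of the scan report or the skill; the function names and both sample strings are constructed for illustration, and the script is only parsed with `ast`, never run.

```python
import ast
import unicodedata

# Names taken from the checklist above; telnetlib is the stdlib module behind "telnet".
RISKY_MODULES = {"requests", "urllib", "http", "socket", "subprocess",
                 "ftplib", "smtplib", "telnetlib"}
RISKY_CALLS = {"eval", "exec", "system", "popen"}

def find_hidden_chars(text):
    """Return (line, column, 'U+XXXX', name) for each invisible control/format char."""
    hits = []
    for lineno, line in enumerate(text.split("\n"), 1):
        for col, ch in enumerate(line, 1):
            cat = unicodedata.category(ch)
            # Cf = format chars (zero-width, bidi overrides, tag chars); Cc = C0/C1 controls
            if cat == "Cf" or (cat == "Cc" and ch not in "\t\r"):
                name = unicodedata.name(ch, "<control>")
                hits.append((lineno, col, f"U+{ord(ch):04X}", name))
    return hits

def audit_imports(source):
    """Return sorted risky modules imported and risky calls made, without executing source."""
    found = set()
    for node in ast.walk(ast.parse(source)):
        if isinstance(node, ast.Import):
            roots = [alias.name.split(".")[0] for alias in node.names]
            found.update(r for r in roots if r in RISKY_MODULES)
        elif isinstance(node, ast.ImportFrom):
            root = (node.module or "").split(".")[0]
            if root in RISKY_MODULES:
                found.add(root)
        elif isinstance(node, ast.Call):
            func = node.func
            name = func.id if isinstance(func, ast.Name) else getattr(func, "attr", "")
            if name in RISKY_CALLS:
                found.add(name + "()")
    return sorted(found)

# Constructed samples: a SKILL.md line hiding a bidi override and a zero-width space,
# and a short script that mixes benign and flagged imports/calls.
SAMPLE_SKILL_MD = "Parse any GEDCOM file.\nRun the script\u202e on a local\u200b file.\n"
SAMPLE_SCRIPT = ("import json\nimport urllib.request\nfrom subprocess import run\n"
                 "import os\nos.system('true')\nprint(eval('1+1'))\n")

if __name__ == "__main__":
    for hit in find_hidden_chars(SAMPLE_SKILL_MD):
        print("hidden char:", hit)
    print("flagged:", audit_imports(SAMPLE_SCRIPT))
```

A clean result from `audit_imports` does not prove the absence of network access (dynamic imports and obfuscated strings are not resolved), so it complements the sandboxed run rather than replacing it.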

Like a lobster shell, security has layers — review code before you run it.

Current version v1.0.0

SKILL.md

GEDCOM Explorer

Parse any GEDCOM file and generate a self-contained interactive HTML dashboard.

Quick Start

python3 scripts/build_explorer.py <input.ged> [output.html] [--title "Title"] [--subtitle "Subtitle"]

Examples

# Basic — outputs family-explorer.html in current directory
python3 scripts/build_explorer.py ~/my-family.ged

# Custom output path and title
python3 scripts/build_explorer.py ~/my-family.ged ~/Desktop/hart-family.html \
  --title "Hart Family Tree" --subtitle "Six generations of history"

# Demo with bundled US Presidents data
python3 scripts/build_explorer.py assets/demo-presidents.ged presidents.html \
  --title "Presidential Family Explorer" --subtitle "US Presidents & Their Ancestors"

Features

  • Dashboard — Stats grid (people, families, places, generations), On This Day events, top surnames, geographic origins, people by century, party breakdown (for presidential data)
  • Family Tree — Interactive tree visualization with zoom/pan, select any person as root, color-coded by gender/president status
  • People — Searchable/filterable directory with gender and president filters, pagination, click for full detail modal
  • Timeline — Chronological events (births, deaths, marriages) with filters and search
  • Daily Alerts — Today's anniversaries, random ancestor spotlight, fun facts
  • Person Modal — Full detail view with parents, spouses, children (all clickable links)
  • Global Search — Search across all tabs by name, place, or year

How It Works

build_explorer.py parses the GEDCOM, extracts all individuals + families, computes stats, and embeds everything as inline JSON in a single HTML file. No server needed — just open the HTML.

Auto-detects US Presidents from OCCU (occupation) fields. Works with any GEDCOM; presidential features simply won't appear if no president data exists.

GEDCOM Sources

Users can export .ged files from:

  • Ancestry.com → Tree Settings → Export Tree
  • FamilySearch.org → Download GEDCOM
  • MyHeritage → Family Tree → Export → GEDCOM
  • Any genealogy software (Gramps, RootsMagic, Legacy, etc.)

Demo Data

assets/demo-presidents.ged — Public domain US Presidents GEDCOM (2,322 people, 1,115 families, 44 presidents). Source: webtreeprint.com.

Serving Locally

cd /path/to/output/dir
# Bind to loopback only: the generated HTML embeds the full GEDCOM data
python3 -m http.server 8899 --bind 127.0.0.1
# Open http://localhost:8899/family-explorer.html

Extending

The generated HTML is fully self-contained. To customize:

  • Edit CSS variables in :root for theming
  • The dashboard adapts to whatever data is in the GEDCOM — no presidential data required
  • For OpenClaw cron integration: parse GEDCOM daily events and send "On This Day" notifications via Telegram

Files

2 total