ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Acronym Unpacker

v0.1.0

Disambiguate medical acronyms and abbreviations with context-aware full form lookup. Resolves ambiguous abbreviations (e.g., 'PID' = Pelvic Inflammatory Dise...

0· 102·0 current·0 all-time
byAIpoch@aipoch-ai
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Suspicious
high confidence
!
Purpose & Capability
SKILL.md describes semantic analysis, clinical-document-level context detection, batch processing, and a learning system. The included script is a ~200-line Python file with a hard-coded dictionary and only supports single-acronym lookup and a simple --list mode. Features advertised (ML, batch processing, expanding entire documents, learning) are not implemented and the README even references a non-existent requirements.txt and references/ directory.
Instruction Scope
Runtime instructions are simple: run python scripts/main.py with an acronym and optional --context. The code does not read arbitrary system files, call external services, or access environment variables, so runtime scope is limited — however the SKILL.md's claims about document-level analysis and batch processing are misleading relative to what the instructions actually perform.
Install Mechanism
No install spec is provided (instruction-only plus a local script), which minimizes install risk. The README suggests pip install -r requirements.txt but that file is not present; this mismatch is sloppy but not directly dangerous.
Credentials
The skill declares no required environment variables, credentials, or config paths. The code does not attempt to access secrets or external services, so requested environment access is minimal and proportionate.
Persistence & Privilege
always is false and the skill contains no installation hooks or self-modifying behavior. It does not request persistent or elevated privileges.
What to consider before installing
This package is internally inconsistent: documentation promises ML-driven, document-level and batch capabilities but the code is only a static lookup for single acronyms. If you need true context-aware disambiguation, don't rely on this skill as-is. Before installing or using it: (1) review the source (it's short) and confirm behavior meets your needs; (2) ask the author for the missing requirements.txt, references, and an implementation plan for the advertised features; (3) run the script in an isolated environment when evaluating; (4) if you will process protected health information, prefer a vetted, auditable tool with explicit handling of PHI and robust provenance; and (5) consider rejecting or labeling the skill as 'documentation-mismatch' until the author fixes the claims or supplies the promised functionality.

Like a lobster shell, security has layers — review code before you run it.

latestvk9761948c1d1cjfnnj7xyj56bh834t7r

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments