Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Anatomy Quiz Master

v0.1.0

Generate interactive anatomy quizzes for medical education with multiple question types, difficulty levels, and anatomical regions. Supports gross anatomy, n...

by AIpoch (@aipoch-ai)
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal: Benign
OpenClaw: Suspicious (medium confidence)
! Purpose & Capability
The SKILL.md advertises adaptive learning, image integration, export to LMS, progress tracking, and separate modules (scripts.quiz_generator, scripts.adaptive). The repository contains only a single scripts/main.py implementing a small question bank and CLI. Several referenced modules/classes in SKILL.md (QuizGenerator, AdaptiveEngine, scripts.adaptive) are missing. This is a mismatch between claimed capabilities and what the package actually contains.
! Instruction Scope
Runtime instructions in SKILL.md show example commands that are harmless (running the included CLI and writing JSON output). However, many examples show API usage of missing modules and higher-privilege operations (export, tracking, adaptive generation). The documented allowed-tools list (Read, Write, Bash, Edit) is broader than needed for the present CLI. The SKILL.md does not instruct reading secrets or contacting external endpoints, but the examples assume components that would likely need persistent storage or external integrations that are not present.
Install Mechanism
No install spec; instruction-only with included code. No downloads or external install steps are present, so there is no install-time code-fetch risk.
Credentials
The skill declares no required environment variables, no credentials, and no config paths. The included scripts do not read environment variables or network endpoints in the visible code. This is proportionate to the actual CLI functionality.
Persistence & Privilege
always is false and the skill does not request persistent platform privileges. The code writes to an output file only when requested by the --output flag, which is expected for a quiz exporter.
What to consider before installing
This skill is inconsistent: the documentation promises advanced features (adaptive engine, image labeling, LMS export, tracking) but the package only contains a small CLI quiz generator. Before installing or enabling:

1) Inspect the full scripts/main.py (the provided snippet appears truncated) and any other files for unexpected network calls or hidden code.
2) Ask the publisher for the missing modules (scripts.quiz_generator, scripts.adaptive) and a complete source or release notes explaining the discrepancy.
3) Be cautious running it in environments with secrets—run in a local sandbox or container first.
4) Note requirements.txt lists standard-library modules (argparse, json, random) which is incorrect and may indicate sloppy packaging.

If you need the advanced features advertised (adaptive learning, image support, LMS export), do NOT rely on this package until the author supplies the missing components and a complete, audited release.

Like a lobster shell, security has layers — review code before you run it.

latestvk9748xx9nqmjdss4dh7d01khp1834hj0
