Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Comparison Table Gen

v0.1.0

Auto-generates comparison tables for concepts, drugs, or study results in Markdown format.

by AIpoch (@aipoch-ai)
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal: Suspicious
OpenClaw: Benign (high confidence)
Purpose & Capability
Name/description (comparison tables for concepts/drugs/studies) align with the included script and SKILL.md. The only code (scripts/main.py) implements exactly that functionality and does not request unrelated resources or credentials.
Instruction Scope
Runtime instructions are limited to parsing CLI arguments and producing a JSON/Markdown table. The script reads CLI input and may write an output file path supplied by the user; it does not access network, environment secrets, or other system configuration. Minor caution: the script does not validate or sanitize the --output path (no explicit check against '../' traversal or enforcing a workspace-only directory).
Install Mechanism
No install spec is present (instruction-only with an included script). This is low-risk since nothing is downloaded or installed by the skill itself.
Credentials
The skill requires no environment variables, credentials, or config paths. That is proportionate to its simple local text-processing purpose.
Persistence & Privilege
always is false and the skill does not request any elevated or persistent platform privileges. It only runs when invoked and writes files only when the user supplies an output path.
Assessment
This skill appears to do what it claims: a small local Python script that builds Markdown tables from CLI arguments. Before installing/running: review the script if you plan to run it in a sensitive environment, and prefer supplying explicit safe output paths (avoid running as root or writing to system directories). Note the script does not sanitize the --output path, so avoid untrusted inputs that could cause directory traversal. If you will use it for medical content, also validate the generated content for clinical accuracy and consider running in a sandboxed environment.

Like a lobster shell, security has layers — review code before you run it.

latestvk97ap2h1xyvhnmws086yd0br3h834xq4
