Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Eln Template Creator

v0.1.0

Generate standardized experiment templates for Electronic Laboratory Notebooks

by AIpoch @aipoch-ai
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal: Benign
OpenClaw: Suspicious (medium confidence)
Purpose & Capability
The name, description, SKILL.md usage examples, and the included Python script align: the tool generates Markdown experiment templates for ELNs and supports multiple experiment types. There are no unrelated requested credentials, binaries, or install actions.
Instruction Scope
Runtime instructions simply run scripts/main.py with CLI options and write an output file. That scope matches the stated purpose. However, the SKILL.md includes a security checklist (e.g., "Input file paths validated (no ../ traversal)"), but the documentation does not show that these checks are implemented. Because the script will write files specified by the user, lack of explicit path validation could allow accidental or malicious overwriting of files outside the workspace if not handled properly.
Install Mechanism
No install spec is present (instruction-only with an included script). This is low-risk compared with remote downloads; nothing will be automatically fetched from the network during install.
Credentials
The skill requires no environment variables, credentials, or config paths. That is proportionate for a local template generator.
Persistence & Privilege
The skill is not marked always:true and does not request permanent presence or modify other skills. It can be invoked by the agent, which is the platform default and appropriate here.
What to consider before installing
This skill appears coherent for producing ELN templates, but it runs a local Python script that writes files. Before running it on sensitive systems or with important file paths:
1) review the full scripts/main.py source to confirm there are no network calls, shell.exec/subprocess calls, or code that reads unrelated filesystem locations;
2) verify how the script handles the --output path (ensure it prevents directory traversal and overwriting important files);
3) run it in a sandboxed environment or container with a restricted working directory and non-privileged user;
4) prefer supplying explicit safe output paths (not user home or system directories); and
5) if you lack the ability to review the code, avoid running it with production data or secrets.
If you want, I can scan the remainder of scripts/main.py for dangerous patterns (networking, subprocess, file traversal) — provide the full file text and I will check.

Like a lobster shell, security has layers — review code before you run it.
