Forest Plot Styler
v0.1.0
Beautify meta-analysis forest plots with customizable odds ratio points and confidence intervals
by AIpoch @aipoch-ai
MIT-0
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
medium confidence
Purpose & Capability
Name/description align with what the files do: the SKILL.md and scripts/main.py read CSV/Excel input, calculate pooled effects, and draw forest plots with styling options. There are no unrelated credentials, binaries, or surprising capabilities requested.
Instruction Scope
The runtime instructions direct running the included Python script on user-supplied input files (CSV/XLSX) and writing output images, which matches the purpose. The SKILL.md includes a security checklist that recommends denying path traversal (../), but the script does not implement explicit path restriction or sandboxing; it will read any file path the user supplies. That is expected for a command-line tool, but you should avoid running it in contexts where untrusted agents could pass arbitrary filesystem paths (to prevent accidental disclosure of sensitive files).
Install Mechanism
No install spec (instruction-only install) which keeps disk writes minimal. Dependencies are listed in requirements.txt but are unpinned and incomplete: SKILL.md mentions openpyxl for Excel support, yet requirements.txt does not include openpyxl. This is likely an oversight (packaging inconsistency) rather than malicious, but you should pin and audit dependencies before installing.
Credentials
The skill requests no environment variables, no credentials, and no config paths. Its filesystem access is limited to reading the input file you provide and writing the output image, which is proportionate to the stated purpose.
Persistence & Privilege
The skill does not request persistent or privileged platform presence (always:false). It does not attempt to modify other skills or system-wide agent settings. Autonomous invocation is allowed by default (disable-model-invocation:false), but that is platform default and not in itself a red flag here.
Assessment
This skill appears to do what it claims (make styled forest plots) and contains only a single Python script plus example data. Before installing/running:
1) Review the script yourself or run it on non-sensitive sample data — it will read any file path you give it, so avoid passing paths to private system files.
2) Update and audit dependencies: requirements.txt is unpinned and omits openpyxl (needed for Excel input per SKILL.md).
3) Run in a sandboxed environment (virtualenv/container) if you don't fully trust the source.
4) If you plan to let an agent invoke this autonomously, ensure the agent cannot be tricked into supplying arbitrary filesystem paths or output destinations.
These steps will reduce risk while using the tool.
Like a lobster shell, security has layers — review code before you run it.
