Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Lay Summary Gen

v1.0.0

Converts complex medical abstracts into plain language summaries for.

by AIpoch (@aipoch-ai)
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal: Benign
OpenClaw: Suspicious (medium confidence)
Purpose & Capability
The skill name/description match the included implementation: scripts/main.py performs jargon replacement, sentence simplification, key-takeaway extraction, word counting, and a simple reading-level estimate. No unrelated credentials, binaries, or third-party services are requested.
Instruction Scope
SKILL.md frequently instructs validating input/output paths, editing an in-file CONFIG block, and saving output files; the included script does not implement file I/O or any CONFIG block—it accepts an abstract as a command-line argument and prints JSON to stdout. This mismatch between runtime instructions and actual code is a scope/instruction inconsistency and could mislead users about what the skill does.
Install Mechanism
No install spec; the skill is instruction-only with an included Python script. There are no downloads or external installers. This is low install risk.
Credentials
The skill requests no environment variables, no credentials, and no config paths. The code uses only standard-library modules (json, re, sys), so requested environment access is proportionate to purpose.
Persistence & Privilege
always is false and the skill does not request persistent presence or modify other skills. The skill does execute local code when invoked, which is expected for a packaged script.
What to consider before installing
This package appears to implement a straightforward, local text-processing tool and is not asking for secrets or network access. Before installing or running it with sensitive inputs:

1) Verify the mismatch between SKILL.md and the script—SKILL.md mentions editing a CONFIG block, file read/write, and saving outputs, but scripts/main.py only prints JSON to stdout; update the docs or the script accordingly.
2) Note the script truncates output by characters (summary[:max_words * 6]) rather than enforcing a true word limit—expect off-by-one/truncation quirks.
3) Run the script in a sandbox or isolated environment (python -m py_compile scripts/main.py; python scripts/main.py 'your abstract') to inspect behavior and outputs.
4) If you will process real clinical text, ensure PHI is removed before use and verify where outputs are stored (this package prints to stdout and does not persist files, despite SKILL.md claims).
5) If you plan to integrate into a larger workflow, consider adding unit tests, explicit input-path handling, and pinning dependencies (even though none are currently required).

Like a lobster shell, security has layers — review code before you run it.
