Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Low-Resource AI Researcher

v1.0.0

Train high-performance medical LLMs on consumer GPUs using parameter-efficient fine-tuning

by AIpoch (@aipoch-ai)
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal
Suspicious
OpenClaw
Suspicious
medium confidence
Purpose & Capability
The name/description (medical PEFT training on consumer GPUs) aligns with the included code and instructions: it downloads models/datasets, applies LoRA/QLoRA, and runs training. However, some declared defaults (trust_remote_code=True, and the inclusion of wandb/flash_attn in the install suggestions) are broader than strictly necessary for 'low-resource' training and increase the attack surface.
Instruction Scope
SKILL.md and the scripts instruct the agent to download models and datasets from the network and to load model code with trust_remote_code enabled. Loading remote model repositories with trust_remote_code=True allows arbitrary Python in the model repo to run locally; this is a scope expansion beyond simply training a model and is potentially dangerous if untrusted model names are used. The skill also suggests installing wandb (telemetry) and can load local files specified by train_file/validation_file, which is expected but increases data-access scope.
Install Mechanism
There is no registry install spec (instruction-only), which lowers install-time risk. However, requirements.txt lists heavy ML packages (flash_attn; bitsandbytes is implied by the docs) and an odd 'skills' package; installing these can be complex and may compile native extensions. No external arbitrary download URLs are present in the manifest.
Credentials
The skill declares no required environment variables or primary credential, yet the code will fetch models/datasets from remote hubs and references wandb/Transformers features that commonly require API tokens (Hugging Face token for private models, WANDB_API_KEY). These credentials are not documented/declared; the default trust_remote_code=True increases the need for cautious credential handling. In short: network access and potential credential use are implicit but not represented.
Persistence & Privilege
The skill is not forced-always, does not request system-wide config paths, and does not declare any special persistent privileges. Autonomous invocation is allowed (platform default), which is expected for a tool-style skill.
Scan Findings in Context
[pre-scan-injection-signals-none] expected: The static pre-scan reported no injection signals; absence of findings does not mitigate runtime risks such as execution of remote model code (trust_remote_code) or implicit network credential use.
What to consider before installing
This skill appears to implement what it claims (PEFT training for medical models) but has several implicit risks you should consider before installing or running it:
- trust_remote_code=True: The trainer defaults allow executing arbitrary Python stored in remote model repositories when you load a model. Only load models from fully trusted sources, or set trust_remote_code=False and use vetted model code.
- Implicit network/credentials: The skill will download models and datasets and may require Hugging Face tokens or wandb API keys for private models or telemetry; these are not declared. Do not provide secrets unless you understand where they are sent.
- Telemetry and third-party services: The docs recommend installing wandb/tensorboard; if you enable reporting, metrics may be transmitted off-host. Review the report_to settings and disable telemetry if you don't want external data flows.
- Run in a sandbox: Because model loading and some dependencies (flash_attn, bitsandbytes) execute native code, run this in an isolated environment (container or VM) with limited network access until you audit the model sources and code.
- HIPAA/data risk: The skill targets medical data. Ensure training data is de-identified/allowed, and confirm compliance (HIPAA/GDPR) before using it on real patient data.
If you want to proceed safely: review the full scripts/main.py (complete file), set trust_remote_code=False, pin explicit vetted model repo URLs, avoid private model downloads unless necessary, and run the code on an isolated machine or container.
scripts/main.py:602: Dynamic code execution detected.
Patterns worth reviewing
These patterns may indicate risky behavior. Check the VirusTotal and OpenClaw results above for context-aware analysis before installing.
