Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Mechanism Flowchart

v1.0.0

Generates Mermaid flowchart code and visual diagrams for pathophysiological.

by AIpoch (@aipoch-ai)
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal: Benign
OpenClaw: Suspicious (medium confidence)
Purpose & Capability
The skill name/description describe generating Mermaid diagrams and the repository contains a Python implementation (MechanismDiagram, FlowNode, FlowEdge) and reference guidance that match that purpose. Example usage and templates align with the stated functionality.
Instruction Scope
SKILL.md instructs running the packaged script (python scripts/main.py) and mentions reading/writing workspace files which is proportional to a diagram generator. However, the provided scripts/main.py is truncated/inconsistent at the CLI entrypoint (it references a non-existent symbol 'Mechanism' and the file ends abruptly), so actual runtime behavior is uncertain. Before running, inspect the complete main() to ensure it does not perform unexpected file system reads/writes or network calls.
Install Mechanism
There is no install spec (instruction-only install), so nothing is downloaded or installed automatically. requirements.txt lists 'dataclasses' and 'enum' which are part of the standard library for Python 3.10+, so installing dependencies should be unnecessary; overall low install risk.
Credentials
The skill does not request environment variables, credentials, or config paths. The code shown contains no network access or credential usage. This is proportionate for a local diagram generator.
Persistence & Privilege
The skill does not request persistent platform privileges (always:false). It does not modify other skills or system-wide settings according to the provided files.
What to consider before installing
This package appears to implement a Mermaid flowchart generator and does not request credentials or perform obvious network access, but do not run the script unreviewed. Actionable steps:
- Inspect the complete scripts/main.py file (the provided copy is truncated and shows an apparent bug: it references 'Mechanism' while the main class is MechanismDiagram). That mismatch will cause runtime errors and leaves uncertainty about the remainder of main().
- Confirm the CLI entrypoint doesn't read arbitrary filesystem paths, traverse out of the workspace, or make network calls. If you only need to generate diagrams from text, prefer to import the MechanismDiagram class and call generate() in a sandboxed interpreter rather than running the top-level script.
- Run python -m py_compile scripts/main.py to detect syntax issues, and run the script inside an isolated environment (container or VM) so any unexpected side effects are contained.
- No secrets or environment variables are required; still audit the code for any hardcoded endpoints or obfuscated logic before executing.
Because of the incomplete/mismatched main() and the resulting uncertainty about runtime behavior, proceed with caution and perform the checks above before installing or executing this skill.

Like a lobster shell, security has layers — review code before you run it.
