Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Ml Visualizer

v1.0.0

Visual analysis and diagnostic tools to help with machine learning model selection. ml-visualizer, python, anaconda, estimator, machine-learning, matplotlib.

License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal: Suspicious
OpenClaw: Benign (high confidence)
Purpose & Capability
The declared purpose (ML visualization / data pipeline journaling) matches the shipped code: a Bash script that records timestamped entries and exports logs. Minor inconsistencies: SKILL.md's YAML header names the project 'Yellowbrick' while the skill is published as 'Ml Visualizer', and SKILL.md claims an environment variable ML_VISUALIZER_DIR can override the data directory, but the script hardcodes DATA_DIR to ${HOME}/.local/share/ml-visualizer and does not read ML_VISUALIZER_DIR.
Instruction Scope
Runtime instructions and the script operate only on log files inside the data directory and stdout. The SKILL.md examples include example text like s3:// paths, but the tool treats those as plain strings (it does not access S3). The script does not read other system config, secrets, or network endpoints.
Install Mechanism
There is no install spec (instruction-only skill plus a bundled script). Nothing is downloaded or executed from remote URLs during install, so risk is limited to code shipped with the skill.
Credentials
The skill requests no environment variables or credentials. SKILL.md documents ML_VISUALIZER_DIR as an override, but the script does not honor that variable — a mismatch but not a security concern. No secrets or unrelated credentials are requested.
Persistence & Privilege
The skill is not always-enabled and requests no elevated privileges. It only writes files under the invoking user's home directory; it does not modify other skills or system-wide settings.
Assessment
This skill appears to be a simple local journal/logger for ML workflows and is internally consistent with that purpose. Before installing, consider:
- The script writes logs to ~/.local/share/ml-visualizer by default. If you plan to record sensitive dataset paths or metadata, those will be stored as plain text on disk and included in exports.
- SKILL.md claims an ML_VISUALIZER_DIR env var override, but the included script does not use it—so the data directory is hardcoded unless you modify the script.
- There are minor metadata mismatches (SKILL.md name/version differs from registry metadata); these are likely sloppy packaging rather than malicious behavior.

If you’re comfortable with local plain-text logs and/or you review/modify the script to change the data directory or tighten file permissions, this skill is coherent and low-risk. If you need the env-override behavior or stricter storage controls, ask the author for a corrected release or inspect and edit the script before use.

Like a lobster shell, security has layers — review code before you run it.
