ClawHub

Pywayne Visualization Pangolin Utils

v0.1.0

3D visualization toolkit wrapping Pangolin viewer for real-time display of point clouds, trajectories, cameras, planes, chessboards, and images. Use when vis...

0· 496·0 current·0 all-time
by@wangyendt
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Suspicious
medium confidence
!
Purpose & Capability
The skill's name and description match the SKILL.md API surface (a Pangolin-based Python viewer). However, the skill bundle contains no code files, no package, and no concrete install instructions; the doc assumes an importable module (pywayne.visualization.pangolin_utils) that is not provided. That makes the claimed capability impossible to verify or run as-is.
Instruction Scope
The instructions are narrowly focused on viewer APIs and do not ask the agent to read unrelated system files or exfiltrate data. They do reference using file paths for images (normal) and mention that Pangolin is 'auto-downloaded via `gettool`' but do not explain what `gettool` will do or which hosts it contacts, leaving scope-of-action unclear.
!
Install Mechanism
There is no install spec in the registry entry. The SKILL.md's single install hint — 'auto-downloaded via `gettool`' — is vague and unsourced. Without a defined install mechanism (PyPI package, GitHub release, or explicit download URL), it's unclear how the runtime dependency would be obtained; an unspecified auto-download is a red flag.
Credentials
The skill does not request any environment variables, credentials, or special config paths. The declared environment footprint is minimal and proportionate to the described functionality.
Persistence & Privilege
The skill does not request always:true and uses default invocation settings. There is no evidence it requests persistent system-level privileges or modifies other skills' config.
What to consider before installing
This skill currently looks like documentation for a Python package rather than an installable skill: it declares an importable module but no code or install instructions are included, and it cryptically refers to 'gettool' for auto-downloading Pangolin without saying from where. Before installing or running this skill, ask the publisher for (a) the actual Python package (PyPI name or GitHub repo) or an explicit install spec, (b) the exact behavior and source of the 'gettool' downloader (hosts, checksums), and (c) any native system dependencies required by Pangolin. Do not allow or run unspecified auto-downloads from unknown hosts. If you must proceed, verify the package source, prefer packages on PyPI or GitHub releases with signatures/checksums, and inspect the code to ensure no unexpected network/file access occurs.

Like a lobster shell, security has layers — review code before you run it.

latestvk97esffz68691kcpjt3s0cyfd581cft6

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments