Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Q&A Prep Partner

v1.0.0

Predict challenging questions for presentations and prepare responses

by AIpoch (@aipoch-ai)
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal: Suspicious
OpenClaw: Benign (high confidence)
Purpose & Capability
Name/description (Q&A prep) align with the provided script and SKILL.md. The Python script generates question templates and response frameworks consistent with the stated goal; no unrelated binaries, credentials, or services are requested.
Instruction Scope
SKILL.md and usage instruct running scripts/main.py with an --abstract path or raw text. The script does read an input file when provided and prints results to stdout. SKILL.md's checklist mentions input-path validation (no ../ traversal) and writing outputs to workspace, but the script does not perform path traversal checks and does not actually write output files (it prints to console). Also the code uses a bare except when reading the abstract which hides read errors; consider adding explicit input validation and clearer error handling.
Install Mechanism
Instruction-only skill with an included Python script; there is no install spec, no downloads, and no package installation. This is low-risk from an install perspective.
Credentials
No environment variables, credentials, or config paths are requested. The script operates locally and requires only a Python runtime and optional user-provided file or text.
Persistence & Privilege
always is false and the skill does not request persistent agent privileges or modify other skills/config. Autonomous invocation is allowed by default but is not combined with broad privileges or credential access here.
Assessment
This skill appears to be what it says: a local Python tool that generates likely Q&A questions and response frameworks. Before installing or running it: (1) review the small script yourself — it prints output to the console and only reads an input file if you provide one; it does not call remote services or require credentials; (2) be aware the script will read any file path you pass, and it does not validate paths (so don't point it at sensitive system files); (3) the file read uses a bare except which can hide errors — consider improving error handling if you plan to use it in automation; (4) run it in a controlled environment if you are unsure about the source (the repo is marked Draft and has no homepage). Overall the footprint is small and coherent, but apply usual caution with code from unknown sources.

Like a lobster shell, security has layers — review code before you run it.

latest vk973809z3skpwdjezqp9y5amf183zjy7
