ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Radiology Image Quiz

v1.0.0

Use when creating radiology educational quizzes, preparing board exam questions, or studying medical imaging cases. Generates interactive quizzes with X-ray,...

0· 37·0 current·0 all-time
byAIpoch@aipoch-ai
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Suspicious
high confidence
!
Purpose & Capability
The skill's name and description emphasize generating interactive quizzes with X‑ray/CT/MRI/ultrasound images, but the only implementation (scripts/main.py) generates plain text quizzes from JSON cases and contains no image handling, no image file paths, and no image-processing dependencies. SKILL.md and examples also reference a different module/file (scripts/radiology_quiz.py and from scripts.radiology_quiz import RadiologyQuiz) which does not exist in the package. These mismatches mean the declared capability (image-based quiz generation) is not delivered by the provided code.
!
Instruction Scope
The SKILL.md instructs safe commands (py_compile, running the script) and specifies a reproducible workflow, but it also references non-existent elements (a CONFIG block, scripts/radiology_quiz.py, and an import that won't work). The runtime instructions do not ask for unrelated system secrets or external endpoints, but they are internally inconsistent and could mislead an agent into expecting functionality (image handling, configurable CONFIG) that isn't present.
Install Mechanism
There is no install spec and the skill is instruction-plus-source only. Nothing will be downloaded or installed automatically by the package—this is low-risk from an install perspective.
Credentials
The skill requests no environment variables, credentials, or config paths. Given the provided code, this is appropriate; there is no disproportionate credential or environment access requested.
Persistence & Privilege
The skill is not configured as always:true and does not request persistent system privileges. It contains no code that modifies other skills or system-wide settings.
What to consider before installing
This skill is suspiciously incoherent rather than overtly malicious. Before installing or using it: - Do not trust it to process medical images: run the packaged script locally (python -m py_compile scripts/main.py; python scripts/main.py --demo) and inspect the output — the demo prints a text-only quiz. - Note the SKILL.md references files and a CONFIG block that don't exist; ask the author for the correct source file or an updated package if you expect image handling. - If you need image-based functionality, request or verify code that accepts image paths and uses explicit image-processing libraries; otherwise the current package will not handle images. - Because this is a medical/educational tool, avoid using it with real patient data or PHI until you confirm it does what you expect and have audited it. - If you proceed, run it in an isolated environment, review the source code (especially any future changes), and validate outputs manually—do not rely on it for clinical decisions or exams without review.

Like a lobster shell, security has layers — review code before you run it.

latestvk97apgr8herf83xdw53p262zk583zwb2

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments