Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Survival Curve Risk Table

v1.0.0

Analyze data with `survival-curve-risk-table` using a reproducible workflow, explicit validation, and structured outputs for review-ready interpretation.

by AIpoch @aipoch-ai
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal: Suspicious
OpenClaw: Benign (high confidence)
Purpose & Capability
Name/description match the included code and docs. The packaged script (scripts/main.py), README, and SKILL.md all implement survival-curve risk-table generation and journal-style formatting; required packages are appropriate for plotting and survival analysis.
Instruction Scope
Runtime instructions focus on validating inputs, running the provided script, and returning structured outputs. The SKILL.md does not instruct the agent to read unrelated system files, environment variables, or exfiltrate data. It explicitly recommends a non-destructive smoke check (python -m py_compile).
Install Mechanism
No install spec is provided (instruction-only skill with bundled script), which minimizes installer risk. Dependencies are declared in requirements.txt (pip install -r requirements.txt). The requirements file itself is ordinary, though it redundantly lists both 'pil' and 'pillow' (see user guidance).
Credentials
The skill requests no environment variables, no credentials, and no special config paths — appropriate and proportionate for a local data-processing tool.
Persistence & Privilege
always:false and normal invocation settings. The skill does not request persistent system-wide privileges or modify other skills; autonomous invocation is allowed by platform default but not exceptional here.
Assessment
This package appears to be what it claims: a local tool to compute and render 'number at risk' tables for Kaplan–Meier plots. Before installing/using:
1) Only run the script on datasets you trust — the loader supports pandas.read_pickle, which will execute code when loading malicious pickle files; prefer CSV/Excel input from trusted sources.
2) Pin dependency versions (requirements.txt has unspecified versions and lists both 'pil' and 'pillow') to avoid supply-chain surprises.
3) Run the suggested smoke-check (python -m py_compile scripts/main.py) and, when possible, test in an isolated environment (container or VM) before using with sensitive clinical data.
4) If you plan to enable autonomous agent invocation, restrict it or review expected input/output flows so the agent can't be prompted to load arbitrary local files without explicit confirmation.

Like a lobster shell, security has layers — review code before you run it.
