ClawHub

Upset Plot Converter

v1.0.0

Convert complex Venn diagrams with more than 4 sets to clearer Upset.

0· 31·0 current·0 all-time
byAIpoch@aipoch-ai
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
The name/description (convert Venn diagrams with >4 sets to Upset plots) matches the included code: scripts/main.py computes set intersections and renders an Upset-like plot. The declared dependencies (matplotlib, numpy) are appropriate. Minor doc mismatch: SKILL.md also lists pandas as a requirement but requirements.txt does not include pandas; the code does not import pandas.
Instruction Scope
SKILL.md instructs running the packaged script and to validate inputs; the script itself only reads in-memory set data (or lists) and writes a PNG to the provided output_path. There is no network access or hidden endpoints. However, the script does not perform explicit path sanitization or sandboxing: if given an output_path that points outside the workspace (e.g., with '../'), the script will attempt to write there under the current process permissions. The SKILL.md recommends validating paths, but this validation is not enforced by the code.
Install Mechanism
No install spec is provided (instruction-only with bundled script). Dependencies are provided via requirements.txt (matplotlib, numpy). There are no downloads from untrusted URLs and no archive extraction—low install risk.
Credentials
The skill requires no environment variables, no credentials, and no config paths. This is proportionate to its purpose.
Persistence & Privilege
always is false and the skill does not modify other skills or system configuration. It only reads inputs passed to its functions and writes the specified output file.
Assessment
This skill appears to do what it says: generate Upset plots from sets/lists. Before running it: (1) run it in a sandboxed or limited-permission environment (not as root) so a malicious or mistaken output_path cannot overwrite sensitive files; (2) review scripts/main.py yourself if you have concerns—it contains all runtime logic and shows no network calls or credential use; (3) ensure Python 3.10+ and install requirements (pip install -r requirements.txt). Note the SKILL.md mentions pandas but the code doesn't use it—add pandas only if your workflow needs it. If you expect the agent to run this autonomously, ensure the agent's sandbox and path restrictions are in place because the script does not validate output paths.

Like a lobster shell, security has layers — review code before you run it.

latestvk972bbsjt1n6tmbqa143a3zmq1840xdr

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments