Pythesis Plot

Advisory

Audited by Static analysis on Apr 30, 2026.

Overview

No suspicious patterns detected.

Findings (0)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

Installing from a changing remote repository or unpinned packages could affect the local agent environment.

Why it was flagged

The installation guidance pulls a remote repository into a persistent skills directory and installs unpinned dependencies. This is normal for a Python plotting skill, but users should trust and verify the source.

Skill content

git clone https://github.com/stephenlzc/pythesis-plot.git ~/.claude/skills/pythesis-plot
pip install pandas matplotlib seaborn openpyxl numpy scipy

Recommendation

Install only from a trusted repository, prefer a virtual environment, and pin or review dependencies when possible.

What this means

Local Python code will run to create figures, which can modify files in the chosen output directory.

Why it was flagged

The skill generates and executes local Python plotting code. This is disclosed and central to the purpose, and the workflow requires user confirmation before generation.

Skill content

Generate {timestamp}_plot.py (Python code)
3. Execute code to generate charts:

Recommendation

Keep the confirmation step, run in a controlled Python environment, and review generated code if the dataset or environment is sensitive.

What this means

Sensitive or unpublished research data may remain on disk in the output folder after use.

Why it was flagged

The workflow saves a copy of uploaded data and derived artifacts such as reports and generated code. This is expected for reproducible plotting, but it creates persistent local copies.

Skill content

Auto-save: Rename to `timestamp-original_filename`, save to `output/YYYYMMDD-filename/`

Recommendation

Use appropriate local file permissions, avoid uploading confidential data unless intended, and delete or secure output directories when finished.