ClawHub

Ml Pipeline Starter

v1.0.0

Build and deploy production ML pipelines with data processing, model training, evaluation, and deployment using TensorFlow, PyTorch, or Scikit-learn.

0· 270·1 current·1 all-time
by@sunshine-del-ux
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Suspicious
medium confidence
!
Purpose & Capability
The stated purpose (build/deploy ML pipelines) matches the features listed and required tools (Python, Docker). However, the SKILL.md instructs running a local script (./ml-pipeline.sh) that is not provided, linked, or explained; an instruction-only skill that requires an external script without direction is incoherent and raises questions about how the capability is delivered.
!
Instruction Scope
The runtime instructions directly call ./ml-pipeline.sh (create/train/deploy). Because the skill bundle contains no script, the instructions implicitly rely on a script on the user's system or elsewhere. That gives the agent/user a broad implicit permission to execute arbitrary shell operations via that script; SKILL.md provides no details of the script's behavior, no safety checks, and no source to verify.
Install Mechanism
No install spec is present (instruction-only), so nothing will be written to disk by the skill itself. This is low-risk in terms of automatic installation, but combined with missing script content it shifts risk to whatever ./ml-pipeline.sh the user runs.
Credentials
The skill requests no environment variables, credentials, or config paths. That is proportionate to the described functionality and is a positive signal.
Persistence & Privilege
The skill is not always-included and uses normal user-invocable/autonomous settings. It does not request elevated persistence or modify other skills/configurations.
What to consider before installing
This skill is suspicious because it tells you to run ./ml-pipeline.sh but does not include that script or state where it comes from. Before installing or following its instructions: (1) ask the author for the actual ml-pipeline.sh source or a trusted repository link and review its contents; (2) never run unknown shell scripts on your host — inspect them and run them in an isolated environment (container or VM) first; (3) prefer skills that include their tooling or point to official releases (GitHub, PyPI, Docker Hub) and provide installation steps you can audit; (4) if you must run a script from an external source, verify its integrity (checksum/signature) and review for network/exfiltration or privileged system operations. If the author cannot provide the script or a verifiable source, treat the skill as unsafe to run.

Like a lobster shell, security has layers — review code before you run it.

latestvk97d58f24qbaxa44jbqyf399g58289dk

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments