ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Electricity Forecasting Framework

v1.0.0

Comprehensive electricity load and demand forecasting framework. Supports statistical methods (ARIMA, SARIMA), machine learning (XGBoost, LightGBM, Random Fo...

0· 26·0 current·0 all-time
by@sxy799
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description match the included scripts and reference docs (data prep, training, evaluation, deployment). Nothing in the manifest asks for unrelated cloud credentials, binaries, or config paths.
Instruction Scope
SKILL.md directs the agent to run local Python scripts, prepare data, train models, and run FastAPI/batch jobs. Instructions reference weather/data APIs as examples (with placeholder API keys) but do not instruct reading unrelated system files or exfiltrating secrets.
Install Mechanism
No install spec is provided (instruction-only). All code is included in the package; nothing is downloaded from external URLs or extracted to disk during an install step.
Credentials
The skill declares no required environment variables or credentials. Example snippets show usage of third‑party APIs that would need user-supplied API keys, which is expected for such data sources and not requested by the skill itself.
Persistence & Privilege
always:false and normal agent invocation settings. The skill does not request persistent system privileges or attempt to modify other skills or global agent config in the provided files.
Assessment
This package appears coherent for electricity forecasting. Before running it: (1) review the full scripts (especially deploy_model.py, batch_forecast/send_to_downstream and any truncated functions) to confirm any network endpoints they call; (2) supply API keys only for trusted weather/data providers and store them securely (env vars or secret manager), since example code shows placeholders; (3) run in an isolated virtual environment or container and avoid running as root (batch job writes to /var/log and reads/writes models/ and forecasts/ directories); (4) pin dependencies and audit third‑party libraries (PyTorch, LightGBM, joblib, FastAPI, requests, etc.) before deploying to production. If you want, I can scan the specific scripts (deploy_model.py, batch_forecast, send_to_downstream) for any network calls or unexpected behavior.
scripts/hyperparameter_search.py:171
Dynamic code execution detected.
scripts/train_model.py:237
Dynamic code execution detected.
Patterns worth reviewing
These patterns may indicate risky behavior. Check the VirusTotal and OpenClaw results above for context-aware analysis before installing.

Like a lobster shell, security has layers — review code before you run it.

latestvk97cpy5dd1q6r7az1hqrdpwnq5842mfh

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments