ClawHub

VecML AutoML

v1.1.0

VecML AutoML — Drop a CSV, train an ML model, get predictions. One command. Use when the user asks to: train a model, upload data, run predictions, classify,...

0· 110·0 current·0 all-time
byTin Le@tinle2
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description (AutoML: upload CSV, train, predict) match the actual behavior. The script posts base64-encoded CSVs, creates projects, triggers training, and fetches metrics from the VecML API at aidb.vecml.com by default. The single required env var (VECML_API_KEY) is appropriate for a hosted ML API.
Instruction Scope
SKILL.md and vecml-pipeline.py explicitly read local CSV files, sample headers, and base64-encode & upload the data to the VecML API. This is expected for the stated purpose, but it means user data (potentially sensitive) is transmitted off-host. SKILL.md also instructs running the included script from the workspace path and using shell commands like head -1 to show headers — those are within scope. If users expect data to remain local, that expectation would be violated.
Install Mechanism
No install spec; the skill is instruction-only with a bundled Python script. It relies only on standard Python stdlib (urllib, csv, base64) and requires no external downloads or package installs. This is low-risk from an install mechanism perspective.
Credentials
Declared required env var is VECML_API_KEY, which is proportional. The code also reads optional env vars VECML_API_URL and VECML_PROJECT (defaults provided) — these are not listed in metadata but are harmless optional overrides. No other credentials or system paths are requested.
Persistence & Privilege
always is false and the skill does not request permanent or elevated privileges. It does not modify other skills or system-wide configs. The skill will run autonomously if the agent decides to invoke it (platform default), which is expected for skills.
Assessment
This skill legitimately uploads CSV files to an external VecML API to train models — that is its purpose. Before installing, consider: 1) Do not upload sensitive or regulated data (PII, PHI, secrets) unless you trust VecML and have an appropriate contract/controls. 2) Create an API key scoped/minimized for this use and rotate it if shared. 3) The script may be run by the agent autonomously; if you want manual confirmation before uploads, require the agent to ask you first. 4) If you need the service endpoint to differ, VECML_API_URL is supported as an env override (not listed in metadata). 5) Review the VecML homepage/API docs and ensure the service's privacy/retention policies meet your needs. If any of these are unacceptable, do not install or only run on synthetic/non-sensitive datasets for testing.

Like a lobster shell, security has layers — review code before you run it.

latestvk97280xbq65agk9zr751gaegd583kftp

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

🧠 Clawdis
EnvVECML_API_KEY

Comments