ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Chartmaker

v2.0.0

Visualize data with bar charts, sparklines, and progress bars in terminal. Use when plotting metrics, rendering inline charts, or transforming data.

0· 107·0 current·0 all-time
by@bytesagain1
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description (terminal charts, logging, exports) align with what is implemented: a Bash CLI that logs entries by category, searches, shows stats, and exports data. No unrelated capabilities (cloud access, system config modifications) are requested.
Instruction Scope
SKILL.md and the script are scoped to local logging and export behavior. The script only reads/writes files under $HOME/.local/share/chartmaker, and uses common CLI tools (grep, tail, wc, du). It does not reference other system paths, secrets, or external endpoints.
Install Mechanism
There is no install spec (instruction-only) which is low risk. A single included Bash script implements behavior; no downloads, package installs, or archive extraction occur during install.
Credentials
The skill requests no environment variables, credentials, or config paths. The script uses only $HOME to place its data directory, which is proportional to a local logging tool.
Persistence & Privilege
The skill is not flagged always:true and does not modify other skills or system-wide config. It stores its own logs/exports under the user's home directory only.
Assessment
This skill appears coherent and local-only, but it will create and write files to ~/.local/share/chartmaker (logs, history, exports). Before installing or using it: review the script if you have sensitive data (to avoid accidentally logging secrets), inspect the export files prior to sharing, and be aware the JSON export implementation has a minor formatting bug (may produce invalid JSON). If you prefer, run it in an isolated account/container first. Because it can be invoked by the agent, confirm you trust the agent to run local commands that read/write your home directory.

Like a lobster shell, security has layers — review code before you run it.

latestvk976f2ymh0zejb93h9d1y2776n834nnm

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments