ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Pid

v1.0.0

PID controller tuning and simulation tool. Use when json pid tasks, csv pid tasks, checking pid status.

0· 73·0 current·0 all-time
bybytesagain4@xueyetianya
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description (PID tuning/simulation, JSON/CSV tasks) match the included shell script which stores entries, lists/searches/exports them, and manages a local config. No unrelated capabilities are requested.
Instruction Scope
SKILL.md directs the agent to run scripts/script.sh with specific commands. The script only reads/writes files under DATA_DIR (default ~/.pid) and uses standard shell utilities (grep, sed, tail, etc.). It does not access other system paths, credentials, or external endpoints.
Install Mechanism
There is no install spec (instruction-only skill) and the only executable code is a bundled shell script. No packages are downloaded or extracted from remote URLs. Risk is limited to executing the provided local script.
Credentials
No required environment variables or credentials are declared. The script accepts an optional PID_DIR env var to override the data directory, which is proportional to its purpose.
Persistence & Privilege
always:false and user-invocable:true. The skill does not request permanent platform-wide privileges, nor does it modify other skills or global agent settings. It will create and edit files only in its own data directory.
Assessment
This skill appears to be a simple local CLI that stores data under ~/.pid (or $PID_DIR if you set it). Before running: inspect scripts/script.sh yourself (it's a shell script that will be executed), back up any existing ~/.pid directory you care about, and consider running it in a sandbox if you want extra safety. Note: sed -i and other utilities behave slightly differently on some platforms (e.g., macOS), so test commands in your environment. No network access or secrets are requested by the skill.

Like a lobster shell, security has layers — review code before you run it.

latestvk979kgx6a789j3jp1nrz1a2fqs839by6

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments