Chart MPL
Security checks across malware telemetry and agentic risk
Overview
This skill appears to be a straightforward CSV-to-chart generator, with only a low-risk setup note about installing an unpinned matplotlib dependency.
This skill is reasonable to install if you need local CSV chart generation. Review the setup command before running it, and use a trusted environment because it installs matplotlib via pip.
VirusTotal
VirusTotal findings are pending for this skill version.
Risk analysis
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Installing the skill as documented may download third-party Python package code into the local virtual environment.
The setup instructions install an external Python package without a pinned version. This is expected for a matplotlib-based charting skill, but it means the installed dependency comes from the package ecosystem at setup time.
~/.openclaw/workspace/.venv_chart/bin/pip install matplotlib
Use a trusted Python package index and consider pinning matplotlib to a known version if reproducibility or stricter supply-chain control is important.