Ecommerce Data Export
Security checks across static analysis, malware telemetry, and agentic risk
Overview
This is a coherent report-export skill, with noteworthy but disclosed use of Python packages and optional scheduled automatic reports that users should scope carefully.
This skill appears safe to install as an instruction-only ecommerce reporting helper. Before using scheduled reports, clearly specify what data may be included, who receives it, how often it runs, and how to stop it. If installing the Python dependencies, use a trusted source and an isolated environment.
Static analysis
No static analysis findings were reported for this release.
VirusTotal
VirusTotal findings are pending for this skill version.
Risk analysis
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If enabled, reports could continue being generated or sent on a schedule, potentially sharing business data repeatedly.
The skill explicitly offers recurring automatic report generation and sending, which can create ongoing activity after the initial request.
5. **定时生成**: 定期自动发送报告
Only use scheduled reports with explicit recipient, schedule, data range, and cancellation instructions.
Installing third-party packages can affect the local Python environment, even though these dependencies are plausible for Excel report creation.
The skill declares third-party Python packages for report generation, while the registry-level install specification says there is no install spec.
"kind": "pip", "package": "pandas openpyxl", "label": "安装依赖:pip3 install pandas openpyxl"
Install dependencies from a trusted Python package index and preferably in an isolated virtual environment.