Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Li ETL Handle
v1.0.1Node.js-based Excel automation for reading, writing, cleaning, transforming, merging .xlsx/.xls/.csv files with joins, analysis, flow control, and JS scripti...
⭐ 0· 107·0 current·0 all-time
byTerry S Fisher@43622283
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious
medium confidencePurpose & Capability
Name/description match the actual code and files: index.js implements read/write/clean/transform/merge for .xlsx/.xls/.csv and depends on xlsx, csv-parser, csv-stringify — these are coherent and expected for an Excel ETL skill.
Instruction Scope
SKILL.md and the code provide executeScript / JavaScript script support which intentionally allows executing user-provided JS to transform rows. While this is a documented feature of the skill, it grants the skill (and any caller that can invoke it) ability to run arbitrary code in the host process with full filesystem and process access unless you sandbox it. The doc warns about this but does not define a runtime sandbox or limits; that lack of restriction is a security concern.
Install Mechanism
There is no platform install spec (instruction-only), which minimizes automatic installs by the platform. However the package.json/package-lock declare dependencies and package-lock resolves packages from a mirror (mirrors.tencentyun.com) via HTTP; installing these packages would fetch third-party code. The xlsx dependency is a known-vulnerable version according to the included audit notes.
Credentials
The skill declares no required environment variables, credentials, or privileged config paths. The code operates on local files and does not attempt to read environment secrets or external credentials, which is proportionate to an ETL utility.
Persistence & Privilege
always:false (good) but disable-model-invocation:false (default) means the agent may autonomously invoke the skill. Combined with executeScript (arbitrary JS execution) this increases blast radius: an autonomous agent could pass scripts that access files or environment. The skill does not modify other skills or system settings, but the autonomous-call + executeScript combination is a notable risk.
Scan Findings in Context
[executeScript-dynamic-exec] expected: The skill advertises and implements custom JavaScript execution (executeScript) as a core feature. That is expected for 'script support' but is a high-risk capability because it runs arbitrary JS in the host process; SKILL.md warns, but no runtime sandbox is provided.
[dependency-xlsx-known-vulns] expected: Using the 'xlsx' package is expected for Excel handling. The included SECURITY_AUDIT/CHECK files note GHSA prototype-pollution and ReDoS vulnerabilities in xlsx@0.18.5 — this is a valid supply-chain/security finding that should be remediated (upgrade or replace).
[package-lock-nonstandard-registry] unexpected: package-lock.json entries resolve packages from http://mirrors.tencentyun.com — a non-default registry/mirror and using HTTP (not HTTPS) is atypical and increases supply-chain risk if you plan to run npm install; verify registry/trust before installing.
What to consider before installing
This skill appears to do what it says (read/write/clean/transform Excel/CSV) but has a few security caveats you should weigh before installing or allowing autonomous use:
- Treat executeScript as dangerous by design: it executes arbitrary JavaScript. Only use this capability with code you trust or run the skill in an isolated sandbox or container. If you don't need script support, avoid calling executeScript or ask the author for a build without it.
- Upgrade or replace xlsx: the included package version (xlsx@0.18.5) has publicly disclosed vulnerabilities. Before processing untrusted files, upgrade to a patched xlsx or switch to another library (e.g., exceljs), and run npm audit.
- Verify package sources: package-lock references a non-standard mirror (mirrors.tencentyun.com) over HTTP. When installing, prefer the official npm registry or otherwise confirm the mirror's integrity and use HTTPS.
- Limit autonomous invocation: if the agent/platform will call skills autonomously, consider disabling autonomous invocation for this skill (or restricting when it can run) because an autonomous agent could pass scripts to executeScript.
- Practical checks before use: review index.js (and any executeScript implementation) yourself, run the tests in an isolated environment, run 'npm audit' and inspect package-lock for unexpected dependencies, and process only trusted Excel files until you upgrade the vulnerable dependency.
If you want, I can: (1) point to the exact lines implementing executeScript in index.js, (2) suggest a minimal patch to disable executeScript or sandbox it, or (3) draft a recommended checklist/command sequence to safely run the skill in a container and upgrade xlsx.Like a lobster shell, security has layers — review code before you run it.
latestvk979bz3y0shhqg02thxad4m5xs835e0b
License
MIT-0
Free to use, modify, and redistribute. No attribution required.