Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Li Etl Handle Safe
v1.0.2 · Safely processes Excel and CSV files; supports reading, writing, cleaning, transforming and merging data; prohibits arbitrary code execution to keep data secure.
by Terry S Fisher @43622283
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan (OpenClaw): Suspicious, medium confidence
Purpose & Capability
Name/description (safe Excel/CSV ETL) aligns with the provided code: read/write CSV & XLSX, cleaning, transforms, merging. The code uses exceljs/csv libs and only performs local file I/O and in-memory transformations — consistent with purpose.
Instruction Scope
SKILL.md and index.js instruct only local file reads/writes and transformations, and the code contains no eval/child_process/network calls. However SKILL.md and skill.yaml claim disable-model-invocation: true (skill should not be autonomously invoked) while the registry flags provided at the top indicate disable-model-invocation is false on the platform — a configuration mismatch that affects runtime behavior and security assumptions.
Install Mechanism
There is no install spec (instruction-only), which is low risk, but the included package-lock.json contains many 'resolved' URLs pointing to a third-party npm mirror (mirrors.tencentyun.com) over HTTP. This contradicts the skill's claim that dependencies come from the official HTTPS npm registry and could be a supply-chain / integrity concern if packages are installed using that lockfile.
Credentials
The skill requests no environment variables, no credentials, and accesses only local file system paths provided to its functions. This is proportionate to an ETL utility.
Persistence & Privilege
The skill's manifest (skill.yaml and SKILL.md) claims disable-model-invocation: true, but the registry/platform metadata shows disable-model-invocation: false (default). Because autonomous invocation is allowed by the platform as provided, the skill could be invoked automatically unless platform configuration prevents it; this mismatch should be resolved. always: false (good).
What to consider before installing
What to check before installing or running this skill:
- Resolve the disable-model-invocation mismatch: SKILL.md/skill.yaml claim the skill should not be autonomously invoked, but the platform metadata shows disable-model-invocation is not set. If you need the skill prevented from autonomous runs, enforce it in the platform before enabling.
- Verify package sources before installing: the included package-lock.json lists package tarballs from a non-official HTTP mirror (mirrors.tencentyun.com). Prefer installing from the official npm registry (HTTPS) and/or regenerate the lockfile on a trusted machine to ensure package integrity.
- Review the package.json and lockfile locally (or run npm audit) if you plan to install dependencies — the code itself has no network calls, but transitive dependencies may have known vulnerabilities.
- The code performs local file I/O and will create directories/files where given — run it on test data first and avoid giving it sensitive system paths.
- Note the implementation bug in cleanData (it builds cleanedRow but doesn't use it) — this is a functionality issue, not a security problem, but you may want fixes before production use.
If you cannot verify the lockfile and the platform invocation setting, treat the skill as untrusted until those inconsistencies are resolved.