csv-cleanroom
PassAudited by ClawScan on May 1, 2026.
Overview
The skill coherently profiles user-provided CSV files with a small local script, with only minor cautions about explicit file paths and package provenance.
This appears safe for its stated purpose. Before installing or running it, confirm the CSV and output paths, avoid using it on sensitive data unless local processing is acceptable, and note the minor metadata version/provenance inconsistency.
Findings (2)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If run with the wrong paths, the skill could profile an unintended local CSV or overwrite the selected output JSON file.
The bundled tool processes a local file path and writes an output file. This is purpose-aligned for CSV profiling, but users should choose paths carefully because the output file can be overwritten.
ap.add_argument("csv_path") ... ap.add_argument("--out", default="csv_profile.json") ... json.dump(out, open(args.out, "w", encoding="utf-8"), ensure_ascii=False, indent=2)Run it only on the intended CSV and set --out to a safe new output path when preserving existing files matters.
It may be harder to independently verify the exact published release or maintainer source.
The package provenance is limited, and SKILL.md declares version 1.1.0 while registry metadata lists 1.0.0. This does not show unsafe behavior, but it slightly reduces release traceability.
Source: unknown; Homepage: none; Version: 1.0.0
Review the bundled files before use and ask the publisher to align registry and SKILL.md versions if provenance matters.