ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Insight Brief Generator

v1.0.0

把报表和图表转成管理层可读的洞察摘要,区分发现、解释和建议动作。;use for insights, analytics, briefing workflows;do not use for 夸大结论, 把相关性当因果.

0· 101·0 current·0 all-time
byvx:17605205782@52yuanchangxing
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description (convert reports/charts into management-ready insights) align with the included files and script behavior. The only declared runtime requirement is python3 and the bundled script/resources/templates drive output generation—no unrelated binaries or cloud credentials are requested.
Instruction Scope
SKILL.md confines behavior to generating structured drafts and suggests using the local script if available. The script supports multiple modes (structured_brief, directory audit, CSV audit, pattern scan, skill audit) and will read files from whichever path you pass as --input. That means if a user invokes it on a large or sensitive directory it will enumerate and read many text files (which is consistent with its audit modes but worth noting). The skill explicitly warns not to fabricate facts and not to perform external system changes.
Install Mechanism
No install spec; instruction-only plus a local Python script. This is low-risk: nothing is downloaded or extracted, and the script uses only the Python standard library per README and SELF_CHECK.
Credentials
The skill requires no environment variables or credentials. The script includes built-in patterns to detect risky content (e.g., secret-like strings) and masks them in output, which is sensible for audit functionality. Users should avoid running it on directories containing secrets unless they intend to scan for them.
Persistence & Privilege
always is false, the skill does not request permanent presence, does not modify other skills, and only writes output when asked (or when --output provided). It does not attempt to change agent/system configuration.
Assessment
This skill appears coherent and offline-first, but consider these practical precautions before running: (1) Review scripts/run.py yourself if you want to confirm there are no unexpected behaviors. (2) When invoking the script, avoid pointing --input at broad system directories (e.g., /, /home, or your entire repo) if those contain secrets; use a narrow path or run with --dry-run first. (3) The script can read and include file contents in outputs—treat outputs as potentially containing sensitive data. (4) The skill does not perform network calls or request credentials, so network exfiltration is not apparent in this bundle. If you need stronger guarantees, run the script in a sandbox or inspect the code locally before use.

Like a lobster shell, security has layers — review code before you run it.

latestvk971pc3r957bwyxawv2jxapyy9835ykt

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

📈 Clawdis
OSmacOS · Linux · Windows
Binspython3

Comments