Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Excel Finance

v1.0.0

Excel financial model skill - Excel financial model templates, automated report generation

License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal: Benign
OpenClaw: Suspicious (high confidence)
Purpose & Capability
The skill claims to create Excel models and output files (financial_model.xlsx, reports.xlsx, sensitivity.xlsx). The included Python file (scripts/excel_model.py) only prints progress and messages and does not create or write any Excel files, nor does it import or use libraries for Excel (e.g., openpyxl, pandas). SKILL.md examples import from 'excel_finance' but no module with that name is included — the actual filename is excel_model.py. This is a functional mismatch between claimed capability and shipped artifacts.
Instruction Scope
The SKILL.md examples and instructions are narrowly scoped to creating models, generating reports, and running sensitivity analysis. They do not instruct reading unrelated files, accessing environment variables, contacting external endpoints, or collecting system data. However, the instructions reference a module name ('excel_finance') that is not present in the package, which could cause runtime confusion.
Install Mechanism
No install spec is provided (instruction-only plus a small script). No external downloads, package installs, or archive extraction are present. Required binaries are reasonable (python3, pip).
Credentials
The skill requests no environment variables, no credentials, and no config paths. That is proportionate to the stated purpose. The code does not attempt to read environment variables or access external secrets.
Persistence & Privilege
The skill is not flagged always:true and does not request persistent system-level presence. It does not modify other skills or system settings. Autonomous invocation is allowed (platform default) but there are no additional privileges requested.
What to consider before installing
This skill appears to be a lightweight or incomplete implementation rather than a hidden-risk package: it asks only for python/pip and contains a small script that only prints messages and does not actually generate Excel files or perform network calls. Before installing or using it, consider:
1) Do not expect it to produce real spreadsheets — review or run the code in a safe sandbox to verify behavior.
2) The SKILL.md imports 'excel_finance' but the included file is excel_model.py; the package may be misnamed or missing packaging steps — ask the author for a proper distribution or a setup.py/pyproject.
3) Because it doesn't request credentials or perform network I/O, it poses low risk for secret exfiltration, but also likely lacks promised functionality.
If you need real Excel output or integration with data sources, obtain a well-packaged library (with tests and explicit dependencies like openpyxl/pandas) or request the full implementation from the publisher.

Like a lobster shell, security has layers — review code before you run it.

latest vk97ew58ftytfshz5krbz7qwf1983spe5

Runtime requirements

📊 Clawdis
Bins: python3, pip