ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Ironclaw Pipeline Analytics

v1.0.0

Generate interactive analytics dashboards from CRM data. Use when asked to "show pipeline stats", "create a report", "analyze leads", "show conversion rates"...

0· 637·1 current·1 all-time
byPatrick Smith@aspenas
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Benign
medium confidence
Purpose & Capability
The name and description (pipeline analytics from CRM data) match the SKILL.md: it translates natural-language to DuckDB SQL, runs queries on pivot views (v_*), and formats results as Recharts-compatible report JSON. No unrelated credentials, binaries, or installs are requested.
Instruction Scope
Instructions focus on querying DuckDB workspace views and producing Recharts-compatible JSON. They do assume the agent can (a) execute DuckDB SQL against a workspace database and (b) render or display interactive Recharts components inline in chat. The SKILL.md does not specify how to connect to DuckDB or how rendering will be performed; that ambiguity could cause the agent to try different execution mechanisms or spawn subprocesses depending on the environment. Also be aware queries will access workspace CRM data — sensitive data may be returned in reports.
Install Mechanism
Instruction-only skill with no install spec and no code files. Nothing is written to disk and no external artifacts are fetched.
Credentials
No environment variables, credentials, or config paths are requested. The only implicit requirement is read access to the DuckDB workspace and its v_* pivot views, which is proportionate to the stated purpose.
Persistence & Privilege
always is false and the skill does not request elevated or persistent privileges. It does not attempt to modify system or other-skill configurations.
Assessment
This skill appears coherent with its purpose, but before installing consider: 1) Ensure your agent environment actually has a DuckDB workspace and the v_* pivot views the skill expects; otherwise it will fail or the agent may try alternate methods to run SQL. 2) Confirm you are comfortable the agent will execute queries over your workspace CRM data — test on non-production data first and avoid exposing sensitive PII. 3) Verify your chat environment can render interactive Recharts (HTML/JS) or be prepared to accept static alternatives. 4) The skill has no publisher homepage and source is unknown; prefer skills from identifiable maintainers when possible. 5) If you enable autonomous invocation, monitor initial runs to ensure queries and rendering behave as expected.

Like a lobster shell, security has layers — review code before you run it.

latestvk9782bpnv0jkrjnnrsrwtpejrn81bz8h

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

📊 Clawdis

Comments