Data Toolkit
AdvisoryAudited by Static analysis on May 4, 2026.
Overview
No suspicious patterns detected.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
A user or agent could accidentally change or lose the original contents of a local data file.
The cleaner is intended to modify data, but its default behavior can overwrite the original input file when an output path is not supplied.
parser.add_argument('--output', '-o', help='Output file path (default: overwrites input)')Use an explicit --output path, keep backups of important files, and confirm before running cleaning operations on original data.
Different package versions or untrusted package sources could change behavior or introduce dependency risk.
The skill relies on a manual, unpinned package installation step while the registry install spec is empty. The packages are purpose-aligned, but their versions and provenance are left to the user environment.
pip install pyyaml pandas
Install dependencies from trusted package indexes, consider pinning versions, and prefer a declared/reproducible install specification.