Etl
PassAudited by VirusTotal on May 11, 2026.
Overview
Type: OpenClaw Skill Name: etl Version: 2.0.1 The 'etl' skill is a straightforward Bash-based logging utility designed to record and track ETL pipeline activities in local text files. Analysis of 'scripts/script.sh' and 'SKILL.md' shows that the tool only interacts with its own data directory (~/.local/share/etl/) and lacks any network access, credential harvesting, or unauthorized file system operations. While the export functions in 'scripts/script.sh' lack rigorous input escaping for JSON/CSV formats and the search function is potentially susceptible to minor argument injection, these are unintentional functional bugs rather than malicious features or high-risk vulnerabilities.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Pipeline names, schemas, SQL snippets, data locations, validation results, or other details typed into the tool can remain on disk and may later be shown or exported.
The skill persists user-entered ETL activity for later viewing, searching, and export. This is expected for the stated purpose, but those logs may retain sensitive pipeline details or untrusted text.
All data is stored as plain-text log files in `~/.local/share/etl/` ... Every operation is also appended to `history.log`
Do not log secrets, tokens, or sensitive personal data. Review or delete `~/.local/share/etl/` when needed, and treat log contents as untrusted data when reusing them.
Users may need to verify how the `etl` command is installed and whether the local shell utilities it expects are available.
The package includes a Bash script and SKILL.md documents Bash/coreutils requirements, but the registry metadata does not declare those runtime expectations. No remote installer or hidden dependency is evidenced.
Required binaries (all must exist): none ... No install spec — this is an instruction-only skill.
Before use, confirm the script installation path and ensure Bash/coreutils are present; maintainers should align registry requirements with the documented CLI requirements.