ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Data Visualizer

v3.0.1

Terminal ASCII chart toolkit. Create bar charts, sparklines, histograms, and gauges from CSV or JSON data in the terminal.

0· 774·12 current·13 all-time
bybytesagain4@xueyetianya
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Benign
medium confidence
Purpose & Capability
Name/description (terminal ASCII charts, CSV/JSON processing) match the provided script and SKILL.md. Declared optional DATAVIZ_DIR and use of python3/bash are reasonable for the stated capabilities.
Instruction Scope
Runtime instructions limit actions to reading user-supplied CSV/JSON files, producing terminal visualizations/exports, and writing a local data directory/history log. The SKILL.md and script do not attempt to read unrelated system credentials or send data to external endpoints.
Install Mechanism
No install spec; the skill is instruction + a bundled shell script. No external downloads or package installations are performed by the skill itself.
Credentials
The skill requests no secrets and uses only standard environment vars (DATAVIZ_DIR, XDG_DATA_HOME, HOME). It creates and writes under a per-user data directory (~/.local/share/data-visualizer) and logs history there — expected for this type of tool but worth noting for privacy-conscious users.
Persistence & Privilege
always is false and the skill does not request elevated or cross-skill configuration. It creates and uses its own data directory/history log (normal for a CLI tool).
Assessment
This skill appears to do what it claims: local CSV/JSON analysis and ASCII/SVG/HTML exports. Before installing or running it, review the bundled scripts (scripts/script.sh) yourself, ensure you have bash 4+ and python3, and be aware it will create ~/.local/share/data-visualizer/ and a history.log there. If you are cautious, run the script in a sandbox/container or review the full script for any unexpected commands. Note: the script contains some coding issues (shell arithmetic and heredoc variable-expansion mistakes) that may cause runtime errors — these are quality bugs, not indicators of deliberate malicious behavior.

Like a lobster shell, security has layers — review code before you run it.

chinesevk97amfbgyzc0bsgvecd1nebm2182pwvrlatestvk9753spqjcv2jvj416a2q097js8368ycproductivityvk97ct01rdjbd28nhp655d4ymv582sr66

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments