Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Analyse Data

v1.0.3

Data analysis skill providing three core functions: data analysis, data interpretation, and data visualization. **Use Cases**: (1) Data Analysis - Statistics...

by ChartGen AI (@chartgen-ai) · duplicate of @chartgen-ai/analysis-data
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal: Suspicious
OpenClaw: Benign (high confidence)
Purpose & Capability
Name/description, SKILL.md, and code all target ChartGen (chartgen.ai) for analysis, interpretation, and visualization. The single required env var (CHARTGEN_API_KEY) directly matches the declared external service. The included scripts implement the advertised functions (analysis, interpretation, visualization).
Instruction Scope
Runtime instructions and scripts require the user to provide a file or JSON which is base64-encoded and sent to chartgen.ai. This is within the declared scope, but it means arbitrary input files (including potentially sensitive data) are transmitted to the external API — the SKILL.md does not warn about sensitive data handling.
Install Mechanism
There is no install spec (no packages pulled by the skill). The skill includes runnable Python scripts that use the 'requests' library; the environment must provide Python and required libraries but the skill does not declare or install them. This is not malicious but may cause runtime failures if dependencies are missing.
Credentials
Only CHARTGEN_API_KEY is required, which is proportionate: the API client places it in the Authorization header. No unrelated secrets, config paths, or other environment variables are requested.
Persistence & Privilege
The skill does not request permanent/always-on privileges. It writes chart HTML to a local temp directory (/tmp/openclaw/charts) when generating visuals — behavior consistent with its purpose. Autonomous invocation is allowed by default (platform normal).
Assessment
This skill appears to do what it says: it sends your provided CSV/XLSX/JSON data to chartgen.ai using the CHARTGEN_API_KEY and returns analysis/visualizations. Before installing or running it, consider the following:
(1) Only use non-sensitive or anonymized data — files are uploaded in full to an external service.
(2) Verify you trust chartgen.ai and understand their data retention/billing policies (SKILL.md mentions credit usage).
(3) Protect your CHARTGEN_API_KEY — it will be sent as the Authorization header; treat it like any other API secret.
(4) The package does not declare or install Python dependencies (requests); ensure your runtime has Python and required libs.
(5) If you need offline analysis or cannot share data, do not use this skill.
If you want higher assurance, review the printed source (chartgen_api.py) and test with dummy data and a limited-permission key first.

Like a lobster shell, security has layers — review code before you run it.

latestvk97dk9v5qfmkp9m62y9hngndg5841721


Runtime requirements

Env: CHARTGEN_API_KEY