chat2duckdb

The skill's code, instructions, and declared dependencies are consistent with a local DuckDB-based data analysis tool; nothing indicates hidden network exfiltration or unrelated credential access.

This skill appears to do what it claims: run SQL over local CSV/JSON/Parquet/Excel files using DuckDB. Before installing or running it, consider: (1) install the listed Python packages (duckdb, pandas, numpy, openpyxl) in an isolated environment (virtualenv) so you avoid supply-chain issues; (2) only run the script on datasets you trust — it executes arbitrary SQL supplied to it and will read/write local files and optionally persist a .duckdb database; (3) the references file contradicts the SKILL.md on Excel support — verify Excel behavior in a safe test; (4) review the included script if you have sensitive data concerns (it contains local file I/O but no network calls or credential access). If you need to run this in production or on sensitive data, run it in a sandbox or container and audit outputs.