Csv Handler
Security checks across malware telemetry and agentic risk
Overview
The skill appears to be a coherent CSV-processing helper with expected local file access, and no artifact-backed evidence of exfiltration, deception, persistence, or destructive behavior.
This looks safe to use for intended CSV-cleaning tasks. Before installing or invoking it, confirm you are comfortable giving it access to the specific local CSV files you choose, review any exported files, and verify Python package dependencies if you plan to run the documented implementation.
VirusTotal
66/66 vendors flagged this skill as clean.
Risk analysis
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
The skill can operate on local files the user points it to and may create output files, so accidental use on the wrong path could expose or modify unintended project data.
The skill declares filesystem access, which is expected for reading and writing CSV files but still gives the agent local file-handling authority.
"permissions": [
"filesystem"
]Use explicit input and output paths, review generated files before relying on them, and avoid pointing the skill at directories or files that are not needed for the task.
If the user or agent needs to run the documented code, missing dependency declarations could lead to ad hoc package installation decisions.
The documented implementation depends on third-party Python packages, while the registry requirements only declare python3 and there is no install spec.
import pandas as pd ... import chardet
If running the implementation, install required packages from trusted sources and prefer pinned versions; the skill publisher should declare pandas and chardet explicitly if they are required.