Data Source Audit
PassAudited by VirusTotal on May 12, 2026.
Overview
Type: OpenClaw Skill Name: data-source-audit Version: 2.1.0 The OpenClaw AgentSkill 'data-source-audit' is designed for comprehensive data source auditing and report generation. The Python code in SKILL.md implements data modeling and analysis logic using standard libraries like pandas, without any evidence of malicious intent. The `claw.json` file explicitly declares 'filesystem' permission, which is justified by the skill's ability to export data catalogs to Excel files (e.g., `catalog.to_excel("data_catalog.xlsx", index=False)` as shown in SKILL.md). The instructions in SKILL.md and instructions.md are clear, align with the stated purpose, and do not contain any prompt injection attempts to subvert the agent for harmful actions. There are no signs of data exfiltration, unauthorized command execution, persistence mechanisms, or obfuscation.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If invoked with broad or sensitive paths, the agent could read or create local files related to business data audits.
The skill requests filesystem access, which is expected for reading user-provided audit files and writing exports, but it still gives the agent local file handling authority.
"permissions": ["filesystem"]
Provide only the specific files or folders needed for the audit, and review any generated export before sharing it.
This does not show unsafe behavior, but it may make it harder to confirm package provenance and exact version identity.
The registry metadata reports an unknown source, and the included claw.json separately lists version 2.0.0, creating a minor provenance/version consistency point for users to verify.
Version: 2.1.0; Source: unknown
Verify the publisher, homepage, and installed version before using the skill with sensitive construction or business data.