Historical Cost Analyzer
PassAudited by VirusTotal on May 12, 2026.
Overview
Type: OpenClaw Skill Name: historical-cost-analyzer Version: 2.0.0 The skill requests 'filesystem' permission in `claw.json`. While this permission is plausibly needed for the skill's stated purpose of analyzing historical data (as demonstrated by the `pd.read_excel` example in SKILL.md), it is a broad permission that grants significant access. The Python code itself does not contain malicious logic, nor do the markdown instructions attempt prompt injection or instruct the agent to perform harmful actions. However, the declaration of broad filesystem access, even if justified, falls under the 'risky capabilities without clear malicious intent' threshold for 'suspicious' classification.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If granted file access, the agent may be able to read project cost files that could contain sensitive business information when the user asks it to analyze them.
Filesystem access is declared even though the skill is instruction-only; this is purpose-aligned with loading construction cost data, but it is still a capability users should notice.
"permissions": ["filesystem"]
Only point the skill at the specific historical cost or estimate files you want analyzed, and avoid sharing unrelated confidential project data.