Llm Data Automation
PassAudited by VirusTotal on May 12, 2026.
Overview
Type: OpenClaw Skill Name: llm-data-automation Version: 2.1.0 The skill bundle is designed for LLM-driven construction data automation, generating Python/Pandas scripts for data processing. The `claw.json` requests `filesystem` permission, which is justified by the Python code examples in `SKILL.md` that involve reading and writing various file formats (CSV, Excel, PDF) using `pandas` and `pdfplumber`. While `SKILL.md` includes a `curl | sh` command for installing Ollama, it is presented as a manual user instruction, not an instruction for the OpenClaw agent to execute. Neither `SKILL.md` nor `instructions.md` contain any directives for prompt injection, data exfiltration, persistence, or other malicious activities. All code examples and instructions align with the stated purpose and lack high-risk behaviors or suspicious external communication.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
The assistant may read or write local project data files as part of data extraction, conversion, or export tasks.
The skill declares filesystem permission, which is expected for reading construction files and exporting processed results, but it means the agent may handle local files selected or referenced by the user.
"permissions": [
"filesystem"
]Provide only the files and folders needed for the task, and review export destinations before allowing writes.
Generated code could modify outputs or process sensitive data incorrectly if executed blindly.
The skill is explicitly about generating Python/Pandas scripts and has a python3 requirement. This is purpose-aligned, but generated scripts can affect local files or produce incorrect transformations if run without review.
Generate Python/Pandas scripts, extract data from documents, and create automated pipelines
Review generated Python before running it, especially code that writes files, installs packages, or processes sensitive business data.
If users paste confidential project details, documents, or cost data into an online LLM, that data may be processed by a third-party provider.
The documentation suggests using online LLM providers for data-processing prompts. This is disclosed and optional, but construction project data shared in prompts may leave the local environment.
Option 1: Use ChatGPT/Claude Online
Use approved providers and avoid sharing confidential construction, financial, or client data unless your organization permits it.