Open Data Integrator
PassAudited by VirusTotal on May 12, 2026.
Overview
Type: OpenClaw Skill Name: open-data-integrator Version: 2.1.0 The skill declares broad `filesystem` and `network` permissions in `claw.json`. While the Python code in `SKILL.md` explicitly *simulates* network calls (e.g., for weather data) and does not perform any actual file I/O or network requests, the agent will still be granted these permissions. This constitutes a 'risky capability' as per the classification guidelines, as it could be exploited by future prompt injections or code modifications to perform unauthorized actions, even if no malicious intent is present in the current implementation.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
The agent may read or write local project datasets and contact external open-data services when performing analyses.
The skill declares access to local files and the network. This is aligned with its data-integration purpose, but it is still broad enough that users should ensure only intended files and data sources are used.
"permissions": [
"filesystem",
"network"
]Use project-specific paths, review any exports, and avoid providing sensitive files unless they are needed for the analysis.
If a user supplies an API key for a data provider, that key gives access to the corresponding provider account or quota.
The documentation includes optional provider API-key handling for connectors such as weather data. This is expected for open-data integrations and no hardcoded, logged, or unrelated credential use is shown.
api_key_required: bool = False ... def __init__(self, api_key: Optional[str] = None):
Use a least-privilege API key for the specific provider and do not include unrelated credentials in project data files.