ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

CSV Data Explorer

v1.0.0

Explore, filter, summarize, and visualize CSV data directly in terminal with interactive queries.

0· 227·2 current·2 all-time
byDerick@derick001
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description, required binary (python3), declared Python deps (pandas, matplotlib), examples, and the included scripts/main.py all align with a CLI CSV exploration tool. No unrelated binaries, credentials, or config paths are requested.
Instruction Scope
Runtime instructions only invoke the included script to load, filter, summarize, and visualize CSVs — consistent with purpose. The filter implementation uses pandas.DataFrame.query with engine='python' and performs a simple substring check to reject 'import', 'exec', 'eval', '__' — this is a naive sanitizer and could potentially be bypassed or allow unexpected expression evaluation when filtering untrusted inputs. Other behaviors (reading/writing files, saving plot PNGs) are expected for this tool.
Install Mechanism
No install spec provided (instruction-only / packaged script). The package contains scripts/main.py and README; nothing is downloaded from remote URLs or installed automatically. Dependencies are standard Python libs (pandas/matplotlib) that the user would install via pip.
Credentials
No environment variables or credentials are requested. The skill only needs filesystem access to read CSVs and write outputs (images/exports), which is proportional to its functionality.
Persistence & Privilege
always:false and no indications the skill modifies other skills or system-wide agent settings. It runs as a normal, user-invokable CLI tool and does not claim persistent elevated privileges.
Assessment
This skill appears coherent for exploring CSVs: it only needs Python and common plotting/data libraries and reads/writes local files. Before installing/running: (1) review scripts/main.py entirely (the supplied snippet is mostly benign but truncated); (2) be cautious with the --where / filter option — the tool uses pandas' query with engine='python' and a very simple blacklist for unsafe tokens, which may not fully prevent code execution if you pass untrusted or malicious filter strings; avoid running filtering commands on CSVs or filter expressions from untrusted sources. Run the tool inside a virtualenv or sandbox, install pandas/matplotlib with pip in that environment, and ensure output files are written to a directory you control. If you need to accept arbitrary user-provided filters, consider hardening the filter parsing (e.g., use a restricted expression parser or engine='numexpr').

Like a lobster shell, security has layers — review code before you run it.

latestvk97eecgq4ff1tkd6yh6h0ap73s82j0gm

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

Binspython3

Comments