ClawHub
Back to skill
v1.0.0

CSV Data Explorer

BenignClawScan verdict for this skill. Analyzed May 1, 2026, 6:45 AM.

Analysis

The skill appears to be a normal local CSV analysis tool, with only routine cautions around dependency installation and user-provided filter expressions.

GuidanceThis looks suitable for local CSV exploration. Before installing, be aware that you may need to install pandas and matplotlib yourself, and review any filter condition before running it, especially if it came from an untrusted source.

Findings (2)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

Abnormal behavior control

Checks for instructions or behavior that redirect the agent, misuse tools, execute unexpected code, cascade across systems, exploit user trust, or continue outside the intended task.

Unexpected Code Execution
SeverityLowConfidenceMediumStatusNote
scripts/main.py
filtered = df.query(condition, engine='python')

The filter command evaluates a user-provided condition string through pandas' Python query engine. This is central to the CSV filtering feature, but it makes filter expressions something users should review rather than blindly accept from untrusted text.

User impactA poorly chosen or untrusted filter expression could behave unexpectedly during CSV filtering.
RecommendationUse simple, user-reviewed filter expressions and avoid letting untrusted CSV content or third-party text supply query conditions automatically.
Agentic Supply Chain Vulnerabilities
SeverityInfoConfidenceHighStatusNote
SKILL.md
pip3 install pandas matplotlib

The skill relies on external Python packages for its core CSV and plotting functionality. The install command is user-directed and purpose-aligned, but the packages are not version-pinned in the artifact.

User impactInstalling dependencies may fetch current package versions from the Python package ecosystem.
RecommendationIf reproducibility matters, install pandas and matplotlib in a virtual environment and consider pinning versions.