Transform Tool
PassAudited by VirusTotal on May 5, 2026.
Overview
Type: OpenClaw Skill Name: transform-tool Version: 1.0.0 The skill bundle provides a data transformation utility for converting between formats like JSON, CSV, XML, and YAML in scripts/transform.py. Although there is a discrepancy between the usage examples in SKILL.md (which focus on text case changes) and the actual CLI arguments implemented in the Python script, the code is a straightforward data processing tool with no evidence of malicious behavior, data exfiltration, or security bypasses.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
The agent or user may try the wrong command options or misunderstand what the tool actually does.
The actual script requires format-conversion flags, while SKILL.md documents different options such as --upper, --lower, --trim, and --reverse. This is a documentation mismatch, not evidence of malicious behavior.
parser.add_argument('--from', '-f', dest='from_format', required=True, ...); parser.add_argument('--to', '-t', dest='to_format', required=True, ...)Verify the script's real command-line interface before relying on the SKILL.md examples, or ask the publisher to align the documentation and implementation.
The skill may not run as documented unless a separate wrapper or manual invocation is provided.
The skill references a transform-tool CLI, but the supplied install information says there is no install spec and the manifest only shows scripts/transform.py. This leaves the command wrapper or invocation path unclear.
transform-tool [options] <file>
Use the included script directly only after reviewing it, or confirm how the transform-tool command is installed or mapped.