Back to skill
Skillv1.0.0
ClawScan security
Data Analysis Workflow · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
BenignMar 14, 2026, 6:47 AM
- Verdict
- Benign
- Confidence
- high
- Model
- gpt-5-mini
- Summary
- The skill's code, instructions, and metadata are coherent with its stated purpose (a standardized data-analysis workflow); it does not request credentials, perform network activity, or install external artifacts.
- Guidance
- This skill appears to be what it claims: a local data-analysis workflow. Before installing/using: (1) confirm you trust the source of the Python script (it will run arbitrary code locally); (2) ensure your Python environment has required packages (pandas, and readers for xlsx/.sav if you plan to use those formats); (3) run the script on non-sensitive sample data or inside a sandbox if you are unsure; (4) the skill does not attempt network access or request credentials, but if you or an agent run the script, review it first — it currently only reads files and prints reports.
Review Dimensions
- Purpose & Capability
- okName/description describe a data-analysis workflow and the provided SKILL.md plus the included Python script implement that workflow (data loading, checks, guidance about stages). The skill references other analysis/visualization skills (data-analysis, statistical-analysis, seaborn, etc.) as integrations, which matches the declared purpose.
- Instruction Scope
- okSKILL.md and examples only instruct running the bundled Python script on local files and describe analysis stages. The instructions do not ask the agent to read unrelated system files, transmit data externally, or access environment variables. The runtime behavior in scripts/data_analysis_workflow.py is limited to local file I/O and printing diagnostics.
- Install Mechanism
- noteThere is no install spec (instruction-only), which is low risk. Note: the Python script requires runtime libraries (pandas and likely others such as openpyxl or pyreadstat for .sav). Those dependencies are not installed or declared as environment requirements — the skill assumes a Python environment with appropriate packages available.
- Credentials
- okThe skill does not request credentials, configuration paths, or environment variables. The lack of secret access is proportionate to a local data-analysis utility.
- Persistence & Privilege
- okalways is false and the skill does not request permanent system presence or modify other skills. It does not write configuration or acquire elevated privileges.