Python Automation

PassAudited by VirusTotal on May 6, 2026.

Overview

Type: OpenClaw Skill Name: python-automation Version: 1.0.0 The skill bundle is a standard collection of Python automation utilities and reference guides for tasks like file renaming, CSV-to-Excel conversion, and PDF processing. The provided scripts (scripts/rename_batch.py and scripts/csv_to_excel.py) use standard libraries (pathlib, re, openpyxl) and follow their stated logic without any hidden or malicious behaviors. No evidence of prompt injection, data exfiltration, or unauthorized network activity was found.

Findings (0)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

NoteHigh Confidence

ASI02: Tool Misuse and Exploitation

What this means

A mistaken directory, filter, or rename pattern could rename many files at once.

Why it was flagged

The batch rename script can modify filenames in the selected directory when run without --dry-run. This is expected for the tool, but it is a bulk file mutation capability.

Skill content

def rename_files(pairs):
    ...
        src.rename(dst)
...
if args.dry_run:
    dry_run(pairs)
else:
    rename_files(pairs)

Recommendation

Use --dry-run first, limit the directory and extensions, keep backups for important files, and review the planned changes before running the actual rename.

NoteHigh Confidence

ASI04: Agentic Supply Chain Vulnerabilities

What this means

Installing packages from public registries can introduce dependency risk if the wrong package or a compromised version is installed.

Why it was flagged

The skill suggests installing third-party Python packages without pinned versions. These are purpose-aligned optional dependencies, not automatic installs.

Skill content

`pip install openpyxl`; `pip install requests beautifulsoup4`; `pip install watchdog`; `pip install schedule`

Recommendation

Install only packages you need, prefer a virtual environment, verify package names, and pin versions for repeatable or sensitive workflows.

NoteHigh Confidence

ASI10: Rogue Agents

What this means

If a user later asks the agent to create cron jobs or file watchers, those automations could continue running after the immediate task.

Why it was flagged

The skill includes persistent or repeated automation patterns in scope. The artifacts do not install or start such persistence automatically.

Skill content

Automate repetitive system tasks (cron, file watching)

Recommendation

Create scheduled or file-watching tasks only with explicit approval, document how to stop them, and review what files or commands they will affect.