巴厘岛旅游资源解析入库 (Bali Tourism Resource Parsing and Import)
Verdict: Suspicious. Audited by ClawScan on May 10, 2026.
Overview
The skill matches its CSV import purpose, but it can download Drive files broadly, rewrite production CSVs, and delete non-result files from a user-supplied target folder, all without strong safeguards.
Use this skill only with a dedicated, empty working/output folder and backed-up production CSVs. Review the Google Drive file list before downloading, avoid broad My Drive links, require a dry run before any CSV change, and do not allow cleanup deletion until you have confirmed exactly which files will be removed.
Findings (5)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If the user points the skill at a folder containing other documents, those files could be deleted during cleanup.
The cleanup instruction deletes all non-result files in the user-provided target directory, not only files created by the skill, and does not require a preview, confirmation, backup, or quarantine.
“After import completes, the target folder keeps only the result CSV files; everything else is deleted” ... “any leftover files that are not result CSVs” ... “Clean up the target directory, keep the result CSV, and delete all other files”
Restrict cleanup to files created in the current run, show a deletion preview, require explicit confirmation, and move files to an archive/trash folder instead of permanently deleting them.
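The scoped, preview-then-archive cleanup recommended above, as an added example (not code from the skill): the import step records the files it created in a manifest, cleanup lists only those intermediates, a caller-supplied `confirm` callback must return true, and files are moved to a timestamped archive folder rather than deleted. The manifest name, the `.csv`-means-result rule, and the sample folder contents are assumptions for this example.

```python
import json
import shutil
import tempfile
from datetime import datetime, timezone
from pathlib import Path
from typing import Callable, List, Optional

# Assumption: the import step writes this manifest listing every file it created,
# so cleanup has a record of what is "ours". Hypothetical name, not from the skill.
MANIFEST_NAME = ".import_manifest.json"


def record_created(target: Path, created: List[Path]) -> Path:
    """Record the current run's outputs (relative paths) so cleanup can be scoped to them."""
    manifest = target / MANIFEST_NAME
    rels = [str(p.relative_to(target)) for p in created]
    manifest.write_text(json.dumps(rels), encoding="utf-8")
    return manifest


def plan_cleanup(target: Path, keep_suffix: str = ".csv") -> List[Path]:
    """Preview: the files cleanup WOULD remove. Only this run's own intermediates qualify;
    result CSVs and anything the skill did not create are never listed."""
    manifest = target / MANIFEST_NAME
    if not manifest.is_file():
        return []  # no record of our files: deleting nothing is the safe default
    created = [target / rel for rel in json.loads(manifest.read_text(encoding="utf-8"))]
    return sorted(p for p in created if p.is_file() and p.suffix.lower() != keep_suffix)


def run_cleanup(target: Path, confirm: Callable[[List[Path]], bool],
                archive_dir: Optional[Path] = None) -> List[Path]:
    """Show the preview, require an explicit yes, then move files to an archive folder
    instead of deleting them. Returns the archived paths."""
    preview = plan_cleanup(target)
    if not preview or not confirm(preview):
        return []
    if archive_dir is None:
        stamp = datetime.now(timezone.utc).strftime("%Y%m%dT%H%M%SZ")
        archive_dir = target / f"_archive_{stamp}"
    archive_dir.mkdir(parents=True, exist_ok=True)
    archived = []
    for p in preview:
        dest = archive_dir / p.name
        shutil.move(str(p), str(dest))
        archived.append(dest)
    return archived


def demo() -> dict:
    """Constructed scenario: the target folder also holds a document the skill did not create."""
    with tempfile.TemporaryDirectory() as tmp:
        target = Path(tmp)
        (target / "supplier_contract.pdf").write_bytes(b"%PDF-1.4 constructed")  # the user's file
        created = [target / "page_1.txt", target / "page_2.txt", target / "result.csv"]
        for p in created:
            p.write_text("constructed", encoding="utf-8")
        record_created(target, created)
        preview = [p.name for p in plan_cleanup(target)]
        archived = run_cleanup(target, confirm=lambda files: True)  # demo auto-confirms
        return {
            "preview": preview,
            "archived": sorted(p.name for p in archived),
            "user_doc_survives": (target / "supplier_contract.pdf").is_file(),
            "result_survives": (target / "result.csv").is_file(),
            "no_manifest_plan": plan_cleanup(Path(tmp) / "missing"),
        }


if __name__ == "__main__":
    print(json.dumps(demo(), indent=2))
```

In a real run `confirm` would print the preview and ask the user; the point is that the unrelated `supplier_contract.pdf` never appears in the preview because it is absent from the manifest, and a folder with no manifest yields an empty plan rather than a wipe.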
The agent may access or download more Google Drive documents than the user intended, especially from broad folders or My Drive links.
The Drive workflow lists the files at the provided Drive location and downloads any document whose relevance it cannot determine. If the user provides a broad Drive URL, this can exceed the intended contract-only scope.
“Call the `google-drive` skill, pass in the Drive URL, and list all files” ... “If it cannot be determined, download everything”
Use a dedicated Drive folder containing only intended supplier contracts, require the agent to show the matched file list before download, and avoid any “download all if uncertain” fallback.
Bad input, an encoding mismatch, or an interrupted write could corrupt a production CSV used by the business.
The helper reads existing CSV rows, adds new rows, and rewrites the entire target CSV. There is no built-in backup, locking, atomic replace, or required dry-run before modifying production data.
“rows.extend(new_rows)” ... “with open(csv_path, "w", encoding="utf-8-sig", newline="") as f:” ... “writer.writerows(rows)”
Create a timestamped backup before writing, validate encodings and headers, use atomic file replacement with locking, and make dry-run plus user confirmation the default for production paths.
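A hardened version of the read-extend-rewrite helper quoted above, as an added example (not the skill's code): it takes an advisory lock, validates the encoding and that each new row matches the existing header, makes a timestamped backup, writes to a temporary file in the same directory and atomically renames it over the target, and does nothing unless `dry_run=False` is passed explicitly. The sample CSV contents and the use of POSIX `fcntl` locking are assumptions for this example.

```python
import csv
import fcntl  # POSIX advisory locking; assumption: the helper runs on Linux/macOS
import os
import shutil
import tempfile
from datetime import datetime, timezone
from pathlib import Path
from typing import Dict, List, Tuple

ENCODING = "utf-8-sig"  # the encoding the skill's helper already uses


def read_rows(csv_path: Path) -> Tuple[List[str], List[Dict[str, str]]]:
    """Read header and rows; an encoding mismatch is reported instead of silently mangling data."""
    try:
        with open(csv_path, "r", encoding=ENCODING, newline="") as f:
            reader = csv.DictReader(f)
            return list(reader.fieldnames or []), list(reader)
    except UnicodeDecodeError as e:
        raise ValueError(f"{csv_path}: not valid {ENCODING}: {e}") from e


def append_rows(csv_path: Path, new_rows: List[Dict[str, str]], dry_run: bool = True) -> dict:
    """Lock, validate, back up, then atomically replace. Writes nothing when dry_run (the default)."""
    csv_path = Path(csv_path)
    lock_path = csv_path.with_name(csv_path.name + ".lock")
    with open(lock_path, "w") as lock:
        fcntl.flock(lock, fcntl.LOCK_EX)  # serialise read-modify-write across importers
        header, rows = read_rows(csv_path)
        if not header:
            raise ValueError(f"{csv_path}: missing header row")
        bad = [r for r in new_rows if set(r) != set(header)]
        if bad:
            raise ValueError(f"{len(bad)} new row(s) do not match header {header}")
        summary = {"existing": len(rows), "added": len(new_rows), "dry_run": dry_run, "backup": None}
        if dry_run:
            return summary
        stamp = datetime.now(timezone.utc).strftime("%Y%m%dT%H%M%SZ")
        backup = csv_path.with_name(f"{csv_path.stem}.{stamp}.bak{csv_path.suffix}")
        shutil.copy2(csv_path, backup)  # timestamped copy of the production file before any write
        fd, tmp_name = tempfile.mkstemp(dir=csv_path.parent, prefix=".tmp-", suffix=csv_path.suffix)
        try:
            with os.fdopen(fd, "w", encoding=ENCODING, newline="") as f:
                writer = csv.DictWriter(f, fieldnames=header)
                writer.writeheader()
                writer.writerows(rows)
                writer.writerows(new_rows)
                f.flush()
                os.fsync(f.fileno())
            os.replace(tmp_name, csv_path)  # atomic rename: readers see old or new, never a partial file
        except BaseException:
            if os.path.exists(tmp_name):
                os.unlink(tmp_name)
            raise
        summary["backup"] = backup.name
        return summary


def demo() -> dict:
    """Constructed production CSV plus one valid and one malformed batch of new rows."""
    with tempfile.TemporaryDirectory() as tmp:
        path = Path(tmp) / "resources.csv"
        path.write_text("id,name,city\n1,Ubud Palace,Ubud\n", encoding=ENCODING)
        good = [{"id": "2", "name": "Tanah Lot", "city": "Tabanan"}]
        out = {"dry": append_rows(path, good, dry_run=True)}
        out["after_dry"] = path.read_text(encoding=ENCODING)
        out["real"] = append_rows(path, good, dry_run=False)
        out["rows"] = read_rows(path)[1]
        try:
            append_rows(path, [{"id": "3", "wrong_column": "x"}], dry_run=False)
            out["rejected"] = None
        except ValueError as e:
            out["rejected"] = str(e)
        out["backups"] = sorted(p.name for p in Path(tmp).glob("*.bak.csv"))
        out["rows_after_reject"] = len(read_rows(path)[1])
        return out


if __name__ == "__main__":
    for k, v in demo().items():
        print(k, "=", v)
```

The malformed batch is refused before any backup or write happens, so the production file is untouched by bad input; an interrupted write leaves only an orphaned `.tmp-*` file, never a truncated CSV.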
Installing external packages or skills introduces normal supply-chain risk.
The skill asks the user to install another skill and a Python package, but these setup steps are not pinned in an install spec. They are user-directed and aligned with the purpose.
“openclaw skills install google-drive” ... “pip install pdfplumber”
Install only from trusted sources, prefer pinned versions, and review the google-drive skill separately before granting Drive access.
If run against a shared Redis instance, other systems or agents could consume INSERT/UPDATE/DELETE resource events.
The included helper can publish resource update messages to a Redis Stream. This is not automatically invoked in the visible workflow, but it is an under-documented communication path.
“REDIS_HOST = os.environ.get("REDIS_HOST", "localhost")” ... “REDIS_STREAM = "resource_stream"” ... “r.xadd(REDIS_STREAM, message)”
Document when Redis broadcasting is used, require explicit configuration, namespace the stream, and use authentication and TLS for non-local Redis deployments.
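One way to enforce that recommendation in the helper, as an added example (not the skill's own code): publishing is off unless it is explicitly enabled, the stream key is prefixed with a required namespace instead of the shared `resource_stream`, and a non-local `REDIS_HOST` is refused unless a password and TLS are both configured. The environment variable names other than `REDIS_HOST` are assumptions, and `RecordingClient` stands in for a real Redis client so the example runs offline.

```python
from dataclasses import dataclass
from typing import Dict, List, Mapping, Optional, Tuple

LOCAL_HOSTS = {"localhost", "127.0.0.1", "::1"}
EVENT_ACTIONS = {"INSERT", "UPDATE", "DELETE"}


@dataclass(frozen=True)
class RedisSettings:
    host: str
    port: int
    stream: str
    password: Optional[str]
    tls: bool


def redis_settings(env: Mapping[str, str]) -> Optional[RedisSettings]:
    """Return publish settings only when broadcasting is explicitly switched on; None means
    'do not publish'. Variable names other than REDIS_HOST are assumptions for this example."""
    if env.get("RESOURCE_EVENTS_ENABLED", "0") != "1":
        return None
    namespace = env.get("RESOURCE_EVENTS_NAMESPACE", "").strip()
    if not namespace:
        raise ValueError("RESOURCE_EVENTS_NAMESPACE is required; refusing the shared 'resource_stream'")
    host = env.get("REDIS_HOST", "localhost")
    password = env.get("REDIS_PASSWORD") or None
    tls = env.get("REDIS_TLS", "0") == "1"
    if host not in LOCAL_HOSTS and not (password and tls):
        raise ValueError(f"non-local Redis {host!r} requires REDIS_PASSWORD and REDIS_TLS=1")
    return RedisSettings(host, int(env.get("REDIS_PORT", "6379")),
                         f"{namespace}:resource_stream", password, tls)


def settings_error(env: Mapping[str, str]) -> Optional[str]:
    """Helper: the refusal message for a configuration, or None if it is accepted."""
    try:
        redis_settings(env)
        return None
    except ValueError as e:
        return str(e)


class RecordingClient:
    """Stand-in for a Redis client so the example runs offline; only xadd is needed."""
    def __init__(self) -> None:
        self.entries: List[Tuple[str, Dict[str, str]]] = []

    def xadd(self, stream: str, fields: Dict[str, str]) -> str:
        self.entries.append((stream, dict(fields)))
        return f"{len(self.entries)}-0"  # mimics a Redis stream entry id


def publish_event(client, settings: Optional[RedisSettings], action: str,
                  resource_id: str) -> Optional[str]:
    """Publish one resource event; a documented no-op (returns None) when broadcasting is off."""
    if settings is None:
        return None
    if action not in EVENT_ACTIONS:
        raise ValueError(f"unknown action {action!r}")
    fields = {"action": action, "resource_id": resource_id,
              "producer": settings.stream.split(":", 1)[0]}  # consumers can see who published
    return client.xadd(settings.stream, fields)


if __name__ == "__main__":
    env = {"RESOURCE_EVENTS_ENABLED": "1", "RESOURCE_EVENTS_NAMESPACE": "bali-import"}
    s = redis_settings(env)
    c = RecordingClient()
    print(s, publish_event(c, s, "INSERT", "r1"), c.entries)
```

With redis-py the accepted settings map directly onto `redis.Redis(host=..., port=..., password=..., ssl=...)`; the `producer` field gives consumers of a shared instance a way to filter events they did not ask for.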
