Data Analysis Assistant
v1.0.6
AI-powered data analysis using EvoLink API. Decision-first methodology with statistical rigor. Powered by evolink.ai
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw: Benign (high confidence)
Purpose & Capability
The skill's name/description (data analysis via EvoLink) aligns with what the code does: the script reads a data file and posts its contents to https://api.evolink.ai for analysis. The required credential (EVOLINK_API_KEY) and declared helper binaries (curl, jq, python3, file) are consistent with that purpose. Note: the top-level registry summary provided with the evaluation incorrectly listed no required env vars/credentials, while the included SKILL.md and _meta.json do declare EVOLINK_API_KEY and related env vars — this is an inconsistency in the registry metadata but not evidence of malicious behavior.
Instruction Scope
The script deliberately reads the entire file and includes its full contents in the API request (this is the intended behavior and is clearly documented and warned about in SKILL.md). The skill includes several protective checks (safe directory constraint, symlink rejection, filename blacklist, 50MB size limit, MIME/extension checks). These protections reduce risk but do not eliminate the primary privacy concern: any sensitive data present in the file (credentials, PII, confidential business data) will be transmitted to the external EvoLink API. The README and SKILL.md explicitly warn about this.
Install Mechanism
No install spec — instruction-only with an included shell script. Nothing is downloaded or written beyond running the provided script with standard system tools. This is low-risk from an install/remote-code-fetch perspective.
Credentials
The only required secret is EVOLINK_API_KEY (plus optional EVOLINK_MODEL and DATA_ANALYSIS_SAFE_DIR), which is proportional to a service that requires authentication. The script sends the API key in the Authorization header to api.evolink.ai as expected. The only discrepancy is the registry summary earlier in the package metadata (which claimed no required env vars) — a documentation/manifest mismatch that should be corrected but does not change the proportionality of requested credentials.
Persistence & Privilege
The skill does not request always:true, does not modify other skills or system settings, and does not request elevated or persistent permissions. It operates at runtime only when invoked.
Assessment
This skill will send the entire contents of any input data file to api.evolink.ai; do not use it on files that contain PII, credentials, or confidential business data. Before using: (1) review the included scripts yourself (they are readable and use curl/jq/python3/file), (2) ensure files you analyze are placed under the configured safe directory and sanitized of secrets, (3) set EVOLINK_API_KEY only if you trust the EvoLink service and consider using a scoped/revocable key, (4) note the registry metadata mismatch about required env vars; treat SKILL.md/_meta.json as authoritative over the top-level summary, and (5) if you need to analyze sensitive data, consider running analysis locally or anonymizing the data first.
Like a lobster shell, security has layers — review code before you run it.
