DataMaster Pro
Pass
Audited by VirusTotal on May 11, 2026.
Overview
Type: OpenClaw Skill
Name: datamaster-pro
Version: 1.0.1

The skill bundle is classified as suspicious primarily because of a critical shell injection vulnerability (remote code execution risk) reported in `scripts/report-generate.js`. That script invokes `wkhtmltopdf` through `child_process.execSync` with file paths built directly from the user-supplied `reportName` command-line argument, so a crafted `reportName` can append arbitrary shell commands to the invocation. Note that the only `wkhtmltopdf` call quoted in the supplied evidence is the constant `--version` check shown in the findings, so the injectable invocation should be confirmed against the full script before acting on this classification. In addition, `scripts/data-fetch.js` exposes high-risk capabilities: arbitrary HTTP/HTTPS requests and, by design, arbitrary database queries. These are part of the skill's stated purpose, but they leave it open to SSRF or SQL injection if the calling agent does not sanitize its input. These are severe weaknesses that could be exploited; there is, however, no clear evidence of intentional malicious behavior in the provided code.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If invoked carelessly, the tool could request unintended URLs or send supplied headers to the wrong service.
The fetch script accepts user-supplied destinations, headers, and output paths. This is expected for a data-fetching skill, but it is broad enough that users should avoid sending credentials or requests to untrusted destinations.
case '--url': options.url = args[++i]; ...
case '--api': options.api = args[++i]; ...
case '--headers': options.headers = JSON.parse(args[++i]); ...
saveData(data, options.output);
Use only approved URLs and APIs, review headers before running, and keep outputs in intended directories.
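The following is an added example and is not code from the skill. It models the checks a caller, or a hardened data-fetch.js, should apply to the `--url`, `--api` and `--headers` values before any request leaves the machine: HTTPS only, no credentials in the URL, no IP-literal hosts (which is how link-local metadata endpoints and loopback get reached), an allowlist of hostnames, and no credential-bearing header to a destination that failed the allowlist. APPROVED_HOSTS and the header list are assumptions for illustration.

```javascript
// Added example, not the skill's own code. APPROVED_HOSTS is an assumed allowlist.
const APPROVED_HOSTS = new Set(['api.example.com', 'data.example.com']);
const SENSITIVE_HEADERS = new Set(['authorization', 'cookie', 'x-api-key', 'proxy-authorization']);

// The WHATWG URL parser leaves IPv6 hosts bracketed, so both forms are easy to spot.
function isIpLiteral(hostname) {
  return /^\d{1,3}(\.\d{1,3}){3}$/.test(hostname) || hostname.startsWith('[');
}

// Returns { ok: true, url } or { ok: false, reason }.
function checkDestination(rawUrl) {
  let url;
  try {
    url = new URL(String(rawUrl));
  } catch {
    return { ok: false, reason: 'destination is not a valid absolute URL' };
  }
  if (url.protocol !== 'https:') return { ok: false, reason: `scheme ${url.protocol} is not allowed` };
  if (url.username || url.password) return { ok: false, reason: 'credentials embedded in the URL' };
  if (isIpLiteral(url.hostname)) return { ok: false, reason: 'IP-literal hosts are not allowed' };
  if (!APPROVED_HOSTS.has(url.hostname)) return { ok: false, reason: `host ${url.hostname} is not approved` };
  return { ok: true, url: url.toString() };
}

// Header values come from JSON.parse of an argv string, so they can carry
// anything: reject CR/LF and refuse to send secrets anywhere unapproved.
function checkHeaders(headers, destinationApproved) {
  const problems = [];
  for (const [name, value] of Object.entries(headers || {})) {
    if (/[\r\n]/.test(`${name}${value}`)) problems.push(`header ${name} contains CR/LF`);
    if (SENSITIVE_HEADERS.has(name.toLowerCase()) && !destinationApproved) {
      problems.push(`header ${name} would be sent to an unapproved destination`);
    }
  }
  return problems;
}

// Combines both checks for an options object shaped like the one data-fetch.js builds.
function validateFetchOptions(options) {
  const dest = checkDestination(options.url || options.api);
  const problems = dest.ok ? [] : [dest.reason];
  problems.push(...checkHeaders(options.headers, dest.ok));
  return { ok: problems.length === 0, problems, url: dest.ok ? dest.url : null };
}
```

A hostname allowlist checked before the request does not cover redirects or DNS rebinding; when the request is actually issued, follow redirects manually (re-running checkDestination on each Location) rather than letting the HTTP client follow them.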
Pasted tokens, cookies, or database passwords could expose private accounts or business data if reused, logged by the shell, or sent to an unintended endpoint.
The documentation shows optional database credentials, cookies, and headers may be used for authenticated data access. That is purpose-aligned, but these credentials can grant access to private systems.
node scripts/data-fetch.js --db mysql://user:pass@host/db --query "SELECT * FROM sales" ...
supports Cookie authentication and Headers configuration
Use least-privilege temporary credentials, prefer environment variables or secure secret handling, and avoid placing real passwords directly in command history.
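The following is an added example, not the skill's own code, showing one way to keep the database password off the command line and out of logs. It assumes two conventions the skill does not currently have: the connection string is read from an environment variable (DATAMASTER_DB_URL by default, selectable with a hypothetical `--db-env NAME` flag) instead of a `--db` value containing a password, and anything echoed to a log goes through redactUrl()/redactHeaders() first.

```javascript
// Added example, not the skill's own code. DATAMASTER_DB_URL and --db-env are assumed names.
const DEFAULT_DB_ENV = 'DATAMASTER_DB_URL';
const SECRET_HEADERS = new Set(['authorization', 'cookie', 'x-api-key']);

// WHATWG URL parses non-special schemes such as mysql:// with an authority,
// so the password component can be detected without a hand-written regex.
function hasEmbeddedPassword(connStr) {
  try {
    return new URL(connStr).password !== '';
  } catch {
    return false;
  }
}

// argv and env are passed in so the behaviour is testable without touching
// the real process; call as resolveDbUrl(process.argv.slice(2), process.env).
function resolveDbUrl(argv, env) {
  const dbIdx = argv.indexOf('--db');
  if (dbIdx !== -1) {
    const inline = argv[dbIdx + 1] ?? '';
    if (hasEmbeddedPassword(inline)) {
      throw new Error('--db carries a password on the command line (it would land in shell history); use --db-env instead');
    }
    return inline; // a password-free locator is fine on argv
  }
  const envIdx = argv.indexOf('--db-env');
  const name = envIdx !== -1 ? argv[envIdx + 1] : DEFAULT_DB_ENV;
  const value = env[name];
  if (!value) throw new Error(`environment variable ${name} is not set`);
  return value;
}

// Mask the password component of a connection URL before logging it.
function redactUrl(connStr) {
  try {
    const u = new URL(connStr);
    if (u.password) u.password = '***';
    return u.toString();
  } catch {
    return '<unparseable connection string>';
  }
}

// Mask credential-bearing headers before logging the request configuration.
function redactHeaders(headers) {
  const out = {};
  for (const [name, value] of Object.entries(headers || {})) {
    out[name] = SECRET_HEADERS.has(name.toLowerCase()) ? '***' : value;
  }
  return out;
}
```

Environment variables are still visible to other processes of the same user (for example via /proc on Linux), so this is a floor, not a ceiling; short-lived, least-privilege credentials limit the damage if they leak anyway.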
Users might look for or run additional installer/dependency files that were not part of the reviewed artifacts.
The documentation references npm/package and installer files, but the supplied manifest does not include those files or an install spec. This is an incomplete packaging/provenance signal rather than evidence of malicious behavior.
cd data-analysis-skill
npm install ...
package.json ... install.bat ... run.bat
Install only from reviewed files, verify any package.json or installer before running it, and be cautious with files obtained outside this artifact set.
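The following is an added example and is not part of the reviewed artifact set. Before running `npm install` on a package.json that arrived with the skill, it reports the two things that would run or be fetched automatically: npm lifecycle scripts (preinstall, install, postinstall, prepare) and dependency specs that resolve outside the registry (git, http, file and GitHub shorthand). The sample manifest at the bottom is constructed for illustration and does not describe the skill's real package.json.

```javascript
// Added example, not the skill's code. SAMPLE_MANIFEST is a constructed input.
const LIFECYCLE_HOOKS = ['preinstall', 'install', 'postinstall', 'prepare', 'prepublish'];
const DEP_FIELDS = ['dependencies', 'devDependencies', 'optionalDependencies'];

// Non-registry specs: git/http/file URLs and the GitHub "owner/repo" shorthand.
function isNonRegistrySpec(spec) {
  return /^(git(\+[a-z]+)?:|https?:|file:|github:)/i.test(spec)
    || /^[\w.-]+\/[\w.-]+(#.*)?$/.test(spec);
}

// Returns one finding per lifecycle hook and per non-registry dependency.
function auditManifest(pkg) {
  const findings = [];
  for (const hook of LIFECYCLE_HOOKS) {
    if (pkg.scripts && hook in pkg.scripts) {
      findings.push({ kind: 'lifecycle-script', where: `scripts.${hook}`, value: pkg.scripts[hook] });
    }
  }
  for (const field of DEP_FIELDS) {
    for (const [name, spec] of Object.entries(pkg[field] || {})) {
      if (isNonRegistrySpec(String(spec))) {
        findings.push({ kind: 'non-registry-dependency', where: `${field}.${name}`, value: spec });
      }
    }
  }
  return findings;
}

// Install only if nothing in the manifest would execute or fetch code you have not reviewed.
function safeToInstall(pkg) {
  return auditManifest(pkg).length === 0;
}

// Constructed sample of what a suspicious package.json shipped with a skill might contain.
const SAMPLE_MANIFEST = {
  name: 'data-analysis-skill',
  version: '1.0.1',
  scripts: {
    postinstall: 'node setup.js',
    test: 'node --test',
  },
  dependencies: {
    'some-lib': '^1.2.0',
    'helper-lib': 'github:someone/helper-lib',
  },
};
```

Usage: `auditManifest(JSON.parse(fs.readFileSync('package.json', 'utf8')))` and read the findings before installing. Independently of this check, `npm install --ignore-scripts` prevents lifecycle hooks from running at all, and install.bat / run.bat should be read in full since a batch file can do anything the user can.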
A local binary named wkhtmltopdf on the user's PATH may be executed during PDF-related reporting.
The report generator uses a shell command to check for wkhtmltopdf, which is consistent with PDF export support and uses a constant command string in the supplied evidence.
execSync('wkhtmltopdf --version', { stdio: 'ignore' });
Ensure wkhtmltopdf is installed from a trusted source, or use Markdown/HTML output if PDF generation is not needed.
