Clean CSV Toolkit
PassAudited by VirusTotal on May 12, 2026.
Overview
Type: OpenClaw Skill Name: clean-csv-toolkit Version: 0.1.0 The clean-csv-toolkit is a well-implemented set of local data processing utilities using only the Python standard library. It includes proactive security measures, such as a path validation regex in scripts/_common.py designed to prevent shell metacharacter injection. The code contains no network calls, no subprocess execution, and no evidence of data exfiltration or prompt injection, strictly adhering to its stated purpose of offline CSV/JSONL manipulation.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Running cleanup or conversion commands can overwrite the selected output path and can create reports containing rows from the source data.
The toolkit writes cleaned outputs and optional removed-row reports to caller-provided paths. This is expected for a cleanup tool, but it can create or overwrite local files chosen by the user or agent.
with output_path.open("w", encoding="utf-8", newline="") as fh: ... if removed_report is not None: ... removed_report.open("w", encoding="utf-8")Use explicit new output paths, avoid pointing outputs at originals or protected locations unless intended, and review generated files before forwarding them.
Names, emails, customer records, or other sensitive cell values could be exposed in tool output if the selected file contains them.
The inspection report includes sample cell values from the input file. This is purpose-aligned, but those values may become visible in the agent conversation or logs.
"sample": sample_values ... sample_str = ", ".join(repr(s) ... for s in c["sample"])
Inspect only files appropriate for the agent context, and use options such as `--sample 0` when you need structure without exposing example values.