Attendance Sheet
Pass
Audited by VirusTotal on May 12, 2026.
Overview
Type: OpenClaw Skill
Name: attendance-sheet
Version: 1.0.0

The skill bundle is classified as suspicious due to a potential file write vulnerability in `scripts/generate_attendance.py`. The script takes an `output_file` path directly from user input via command-line arguments without sanitization. An attacker could potentially specify a sensitive system path (e.g., `/etc/passwd`, `~/.ssh/authorized_keys`) as the output file, leading to an arbitrary file overwrite with an XLSX file. While this is a critical vulnerability, it does not demonstrate clear evidence of intentional malicious behavior by the skill's author, aligning it with the 'suspicious' classification rather than 'malicious'.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
The skill may not run unless openpyxl is already installed, and users should avoid installing dependencies from untrusted sources.
The script depends on the third-party openpyxl package, while the provided install specification declares no install step or dependency list. This is purpose-aligned for XLSX creation, but users should ensure the dependency comes from a trusted environment.
`from openpyxl import Workbook`
Use a trusted Python environment and install openpyxl from a reputable package source if needed.
