商业数据洞察 / Biz Data Insight

Security checks across static analysis, malware telemetry, and agentic risk

Overview

The skill has a legitimate business-reporting purpose, but it can automatically sample raw business data and its SQL safety controls appear weaker than described.

Install only if you are comfortable granting this skill read access to the selected business datasource. Use a restricted read-only account or sanitized reporting views, review generated SQL before confirming execution, and avoid running automatic exploration on broad production databases containing sensitive personal or financial data.

Static analysis

No static analysis findings were reported for this release.

VirusTotal

VirusTotal findings are pending for this skill version.

Risk analysis

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

ASI06: Memory and Context Poisoning
Medium
What this means

Sensitive customer, financial, or operational rows could be exposed during setup even if the user only expected schema and row-count discovery.

Why it was flagged

The explore action retrieves raw sample rows from every discovered table and serializes them into tool output. The artifacts do not show masking or field exclusions before this data enters the agent context.

Skill content

for table in tables: ... cursor.execute(f'SELECT * FROM "{table}" LIMIT 5' if ds_type == "postgresql" else f"SELECT * FROM `{table}` LIMIT 5") ... table_info["sample_data"] = [...]

Recommendation

Use a read-only database account limited to approved tables or views, avoid connecting broad production databases with PII, and require explicit approval before sampling rows.

ASI02: Tool Misuse and Exploitation
Medium
What this means

A generated or manipulated query could read more data than intended, even though destructive SQL keywords are blocked and the workflow asks for confirmation.

Why it was flagged

SQL can be assembled by raw string formatting and then executed as a full SQL string. This is weaker than true parameter binding or allowlisted query construction, especially for a skill handling business databases.

Skill content

return TEMPLATES[template_name].format(**params) ... cursor.execute(sql)

Recommendation

Implement parameterized queries, strict table/column allowlists, enforced LIMIT clauses, and continue requiring the user to review generated SQL before execution.

ASI03: Identity and Privilege Abuse
Info
What this means

The skill can read whatever the configured datasource credentials or file path allow it to read.

Why it was flagged

The skill expects a datasource connection URI and may use a database password. This is purpose-aligned, but it grants the skill access according to the supplied database/file permissions.

Skill content

`BDI_DATASOURCE_URI` | Yes | Datasource connection address or file path ... `BDI_DB_PASSWORD` | No | Database password (if not included in the connection string)

Recommendation

Provide only scoped, read-only credentials and point the datasource URI at sanitized exports or restricted reporting views when possible.