ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

datapilot

v1.0.1

面向所有问数与数据分析场景,基于 DataPilot 的 OpenAPI 执行从数据源接入到数据问答的完整流程。用于自然语言查数、SQL 查询校验、图表生成、报告导出下载、创建与管理数据分析 Agent、维护 Agent 知识库。

0· 299·1 current·1 all-time
by@hsunboy
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Suspicious
high confidence
Purpose & Capability
Name/description, required binary (node), and required env vars (DATAPILOT_API_URL, DATAPILOT_API_KEY) align with the included CLI script that calls a DataPilot OpenAPI (create-instance, ask, list-agents, knowledge management). Requested resources (API URL + key, ability to read user-provided datasource files) are proportional to the stated purpose.
!
Instruction Scope
SKILL.md instructs running the included node script and supplying datasource files; the runtime code reads user-supplied files (datasource JSON, sqlite .db) which is expected. However, the SKILL.md does not mention that the CLI will write a persistent log file in the skill directory or that it logs authentication material. The code calls writeLog() frequently and in getAuthHeaders() it passes keyenv: process.env.DATAPILOT_API_KEY (the raw API key) to the logger, which is a mismatch with the documentation and a potential secret-exposure vector.
Install Mechanism
There is no install spec (instruction-only + included node script). That is low-risk in terms of external code downloads. The included JS file will be executed with node; no external archive downloads or third-party package installs are present in the bundle.
!
Credentials
Requiring DATAPILOT_API_URL and DATAPILOT_API_KEY is appropriate for an API client. However, the code logs environment and argument data to a local log file and — crucially — writes the raw DATAPILOT_API_KEY into logs (getAuthHeaders calls writeLog with keyenv: process.env.DATAPILOT_API_KEY). Even partial exposure or local logging of secrets is disproportionate and increases risk if the logfile is accessible, synced, or exfiltrated.
Persistence & Privilege
always:false and the skill does not request system-wide privileges or modify other skills. It does create/append a local logfile (dataagent_cli.log) in the script directory, which is persistent on disk; this persistent logging combined with credential logging is the main concern but does not indicate elevated platform privileges.
What to consider before installing
This skill is coherent with its stated purpose (a Node CLI for DataPilot) but the bundled script writes persistent logs and explicitly logs the DATAPILOT_API_KEY value into dataagent_cli.log. Before installing or running: 1) Do not supply a high-privilege/long-lived API key — create a least-privilege key you can rotate. 2) Inspect or modify dataagent_openapi_cli.mjs to remove or sanitize keyenv logging (replace raw key with sanitized value or remove the field). 3) Run the script in an isolated environment (ephemeral container or sandbox) if you must test it, and ensure the logfile is not included in backups or synced locations. 4) Consider deleting or securing dataagent_cli.log after use and rotating the API key if it was exposed. If the author can clarify why the raw API key is logged and remove that behavior, the risk would be substantially reduced.

Like a lobster shell, security has layers — review code before you run it.

latestvk977jfjj12thfd56pfjafah5sd82gvsw

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

Binsnode
EnvDATAPILOT_API_URL, DATAPILOT_API_KEY
Primary envDATAPILOT_API_KEY

Comments