ClawHub

datapilot

WarnAudited by ClawScan on May 18, 2026.

Overview

The DataPilot integration mostly matches its stated purpose, but the included CLI writes sensitive credentials to a local log file.

Review or patch the CLI before installing, especially the logging in `getAuthHeaders`. Use a trusted `DATAPILOT_API_URL`, rotate credentials if already used, avoid inline datasource JSON containing passwords, and confirm any create/update/delete action.

Findings (3)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

High
#ASI03: Identity and Privilege Abuse
What this means

A DataPilot API key, and potentially database credentials passed inline, could remain in a local log where other tools or users may read them.

Why it was flagged

The CLI persists a log file and writes the raw `DATAPILOT_API_KEY` environment variable into it. `sanitizeArgs` only masks `token` and `apiKey`, so other sensitive arguments such as inline datasource JSON may also be logged.

Skill content
const LOG_FILE = join(__dirname, "dataagent_cli.log"); ... await appendFile(LOG_FILE, line, "utf-8"); ... writeLog({ type: "getAuthHeaders", args: sanitizeArgs(args), keyenv: process.env.DATAPILOT_API_KEY });
Recommendation

Do not use this version until secret logging is removed or fixed. Rotate any DataPilot key already used with it and use least-privilege credentials.

Medium
#ASI02: Tool Misuse and Exploitation
What this means

If invoked with the wrong namespace, agent ID, or content, the skill could create unwanted agents or alter/delete DataPilot knowledge.

Why it was flagged

The advertised commands can create DataPilot agents, connect data sources, list agents across namespaces, and update or delete knowledge entries. These actions fit the skill purpose but can modify service state.

Skill content
`create-instance` ... `list-agents` ... `knowledge-upsert` ... `knowledge-delete`
Recommendation

Use explicit namespace and agent IDs, and require user confirmation before create, update, or delete operations.

Low
#ASI06: Memory and Context Poisoning
What this means

Incorrect, sensitive, or outdated knowledge can persist and influence future DataPilot answers.

Why it was flagged

The skill intentionally stores or changes knowledge that a DataPilot agent can reuse later for analysis.

Skill content
维护 Agent 知识库(参考 SQL、业务知识、分析模板) ... `knowledge-upsert` — 新增或覆盖一条知识
Recommendation

Only add reviewed knowledge, avoid storing secrets, and periodically audit or delete outdated entries.