Skill v1.0.0

ClawScan security

Ai Data Analyst Cn · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Suspicious · Mar 4, 2026, 5:35 AM
Verdict: suspicious
Confidence: medium
Model: gpt-5-mini
Summary: The skill's marketing and feature list claim database direct-connect, API and private-deploy capabilities, but the skill provides no install steps, no code, and requests no credentials. This mismatch could lead to unexpected requests for sensitive access if you use it.
Guidance: Before installing or using this skill:
1) Ask the publisher how database connections and 'API' features are implemented and where data is sent/processed; get concrete endpoints and a privacy/data retention policy.
2) Never provide production DB credentials or high-privilege keys; test with sample or read-only accounts first.
3) Verify whether any export or API calls send data outside your control; demand an explicit list of remote hosts.
4) If you need private deployment or API integration, require code, deployment instructions, or an audited binary rather than relying on an instruction-only spec.
5) If the skill later asks for secrets, treat that as elevated risk and consider using temporary, least-privilege credentials.

Review Dimensions

Purpose & Capability
concern: The SKILL.md advertises features that normally require extra setup or credentials (database direct-connect for MySQL/Postgres, API interface, private deployment and data warehouse integration), but the skill has no install spec, no code, and declares no required environment variables or config paths. It is unclear how these capabilities would be implemented or invoked.
Instruction Scope
note: The runtime instructions are high-level and mostly describe which analyses to perform and which input formats to accept (CSV/Excel/JSON or a DB connection). They do not instruct the agent to read local system files or hidden environment variables, but they do imply that the agent may ask users for DB credentials or for uploaded files, and that behaviour is not spelled out in the instructions.
Install Mechanism
ok: No install spec and no code files are present, which minimizes on-disk risk. Nothing is downloaded or executed by the installer.
Credentials
concern: Although no env vars or credentials are declared, the skill's advertised features (database direct-connect, API, private deployment, data warehouse integration) inherently require access to credentials and endpoints. The absence of declared required credentials is an incoherence; if the skill later prompts for secrets, this should be treated cautiously.
Persistence & Privilege
ok: The skill is not always-enabled and uses default autonomous-invocation settings. It does not request persistent configuration changes or system-wide privileges in the provided materials.