powerdrill-data-analysis
Advisory
Audited by Static analysis on Apr 30, 2026.
Overview
No suspicious patterns detected.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
The agent can act on the user’s Powerdrill resources using the configured API key, including listing, creating, querying, and deleting datasets.
The skill requires Powerdrill account credentials. This is expected for the API integration, but it grants the agent access within the API key’s permissions.
export POWERDRILL_USER_ID="your_user_id"
export POWERDRILL_PROJECT_API_KEY="your_project_api_key"
Use a scoped, revocable Powerdrill project API key, set it only when needed, and rotate or revoke it if exposed.
If the wrong dataset ID is deleted, hosted Powerdrill data sources could be permanently removed.
The skill includes an irreversible deletion operation. It is disclosed and purpose-aligned, and the artifact explicitly requires user confirmation.
Permanently delete a dataset and all its data sources. **Irreversible** - always confirm with the user first.
Confirm dataset IDs and user intent before deletion or cleanup, and prefer deleting only temporary datasets created for the current analysis.
Sensitive information in uploaded files may be stored or processed by Powerdrill and reflected in returned analysis outputs.
The client uploads user-selected local file contents to upload URLs returned by Powerdrill’s API. This is central to the skill, but it means local data leaves the machine.
with open(p, "rb") as f:
    for part in part_items:
        chunk = f.read(part["size"])
        put_resp = requests.put(
            part["upload_url"],
            data=chunk,
Upload only files approved for Powerdrill processing, review the service’s data handling terms, and clean up temporary resources when finished.
A compromised or unintended Python environment could affect how the client runs.
The skill relies on a manually installed Python package rather than an install spec. This is disclosed and minimal, but users should install from a trusted package source.
The only Python dependency is `requests`. Install with: `pip install requests`
Install dependencies from the official package index in a trusted environment, and consider pinning dependency versions if packaging this skill for wider use.
