Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
data-skill
v1.0.0
An assistant dedicated to high-frequency, complex data analysis and processing in everyday office scenarios. It uses a local code-execution mode (SQL, or Python + SQLite) to handle data import, cleaning, querying, extraction, merging/splitting, and report generation; it supports large data volumes while protecting data privacy. Use this Skill when the user needs to process Excel/CSV files, run cross-table queries, generate charts, or produce data-analysis reports.
⭐ 0 · 76 · 0 current · 0 all-time
by @lgwanai
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw: Suspicious (medium confidence)
Purpose & Capability
The name/description align with included scripts (data_importer.py, data_cleaner.py, chart_generator.py, exporter) and many ECharts templates/assets; those files are consistent with a local data-analysis/charting assistant. However, the registry metadata does not declare required runtimes/binaries even though SKILL.md and the scripts expect Python and sqlite3 (and the requirements.txt lists pandas/thefuzz/etc.). That mismatch (no declared required binaries or install steps) is an incoherence to be aware of.
Instruction Scope
SKILL.md explicitly instructs the agent to generate and run local Python/SQLite commands (python scripts/... and sqlite3 commands) and to start a local HTTP server to serve charts. Those instructions are within the described purpose but the file contains examples with a hard-coded absolute path (e.g., /Users/wuliang/...) which is inappropriate and brittle. The SKILL.md also instructs to keep data local and only surface aggregates — good practice — but the presence of a pre-scan 'base64-block' prompt-injection signal in SKILL.md is concerning (could hide encoded instructions). You should review SKILL.md and the scripts for any hidden/encoded content and confirm the server binding behavior (does it bind localhost only or 0.0.0.0?).
Install Mechanism
The skill has no install spec (instruction-only), yet it contains many executable scripts and a requirements.txt. Because nothing is declared to be installed automatically, an agent or user would need to run pip/other commands manually; the absence of an install mechanism but presence of code and dependency list is inconsistent. There are no external download URLs in the provided metadata (which is lower risk), but lack of guidance increases the chance of accidental insecure setup (e.g., running scripts without vetting).
Credentials
The skill requests no environment variables or credentials, which is appropriate for a purely local data tool. Still, SKILL.md's chart generator auto-starts a local HTTP server and returns an access URL; you should confirm that server.py does not expose the service to external networks or attempt to transmit data outward. Also check that the scripts do not reference unexpected environment variables or config files at runtime.
Persistence & Privilege
The skill is not marked always:true and requests no special platform privileges. It does not claim to alter other skills or system-wide agent settings. Running the included local HTTP server and writing outputs to an outputs/ directory is normal for this type of tool, but you should verify server binding and file paths before use.
Scan Findings in Context
[base64-block] unexpected: A base64-block pattern was detected in SKILL.md. Base64 blocks can conceal instructions or encoded payloads; this is not expected for a transparent local data-analysis skill. Inspect SKILL.md and all scripts for encoded or obfuscated content before running.
What to consider before installing
This skill appears to implement a local data-import/clean/visualization workflow and includes many helper scripts and chart templates, but there are several red flags you should check before installing or running it with real or sensitive data:
1) Verify runtimes and dependencies: The skill's SKILL.md assumes Python and sqlite3 and there is a requirements.txt (pandas, thefuzz, openpyxl, etc.), but the registry metadata does not declare required binaries or an install step. Ensure you install dependencies in an isolated virtualenv and do not run anything until you review the code.
2) Audit the code (especially server.py and data_exporter/data_importer): Look for any network code or server binding (check whether any HTTP server binds to 0.0.0.0), hard-coded external endpoints, calls that might send data off-host, or attempts to read unexpected system paths. If the server binds to a network interface, restrict it to localhost or run behind a firewall.
3) Search for encoded/obfuscated content: The scanner found a base64-block in SKILL.md. Search SKILL.md and scripts for base64 strings or other obfuscated payloads and decode them to verify intent before execution.
4) Correct hard-coded paths: Examples in SKILL.md include absolute paths (e.g., /Users/wuliang/...). Update to relative workspace paths or confirm they won’t overwrite user files.
5) Test with non-sensitive data in an isolated environment: Run the skill on synthetic data in a sandbox/container to confirm behavior, verify the undo/non-destructive mechanisms, and observe whether the local HTTP server only serves local files.
6) If you lack capacity to audit the code, treat it as untrusted: do not run on confidential data. Consider asking the author for a minimal install/run guide that declares required binaries and explains how the server binds and what URLs it returns.
If you confirm the above (no hidden network exfiltration, server bound to localhost, no obfuscated payloads), the skill's functionality is coherent with its stated purpose. Until then, proceed cautiously.
Patterns worth reviewing
These patterns may indicate risky behavior. Check the VirusTotal and OpenClaw results above for context-aware analysis before installing.
assets/echarts/echarts.min.js:45
Dynamic code execution detected.
