Data Classification
PassAudited by VirusTotal on May 10, 2026.
Overview
Type: OpenClaw Skill Name: data-classification Version: 1.0.0 The skill bundle is a legitimate tool designed for data classification and grading according to Chinese national and financial standards (GB/T 43697-2024 and JR/T 0197-2020). The core logic in `scripts/classify_data.py` uses deterministic regex matching to analyze SQL DDL or field names, and the `SKILL.md` provides clear instructions for the agent to format results or generate CSV files for large datasets. No evidence of data exfiltration, malicious execution, or harmful prompt injection was found.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
The agent may execute the included helper script and read the SQL/DDL file path provided for classification.
The skill may run a bundled local Python helper against a user-specified SQL file. This is disclosed and central to the classification purpose, but users should know local code execution is part of the workflow.
python3 skills/data-classification/scripts/classify_data.py --sql path/to/schema.sql --mode finance --format markdown
Use it only with schema files you intend to classify, and avoid including real secrets or unnecessary production data in DDL comments.
Large classification jobs can leave a downloadable CSV on disk containing the classified field list and related metadata.
The skill directs the agent to create and attach a local CSV for larger schemas. This is purpose-aligned, but it means schema/classification output may persist as a local file and reveal an absolute filesystem path.
>20 fields: create a complete CSV result file ... attach the CSV with `MEDIA:<absolute-csv-path>`
Review or delete generated CSV files if the schema is sensitive, and ask the agent to use a specific export location if needed.
Users may not immediately know why a file was created instead of receiving all rows inline.
The instruction asks the agent not to proactively disclose the threshold used to choose inline versus CSV output. It does not hide an external transfer or destructive action, but it reduces transparency.
Choose output delivery by field count internally, but do not explain this threshold policy to the user
If transparency matters, ask the agent to explain its output-routing choice or to follow your preferred output format.