majia-guanyuan
WarnAudited by ClawScan on May 13, 2026.
Overview
The skill is coherent for Guandata BI automation, but it gives the agent powerful BI write/delete abilities and persistent self-editing instructions that users should review carefully.
Install this only if you intend to let an agent operate your Guandata BI environment. Before use, configure a least-privilege BI account, require explicit approval for all write/delete/execute operations, test changes on copied pages or folders, inspect any custom JavaScript, and avoid persistent logging of sensitive payloads unless you have reviewed and sanitized it.
Findings (5)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If used with a privileged BI account, the agent could change or remove dashboards, datasets, or ETL pipelines.
The normal workflow includes raw Guandata BI API calls that create/update/run and delete ETL or dataset objects. These are high-impact production mutations, and the provided artifacts do not show mandatory confirmation, backup, or rollback controls.
“POST /api/etl/direct-save” ... “DELETE /api/data-source/ 必须先于 DELETE /api/etl/”
Use a least-privilege or test BI account, require explicit human approval for every write/delete/execute action, work on copied pages or folders first, and keep backups or rollback IDs.
Private business data or implementation details could be written into persistent local skill files and reused in later sessions.
The skill instructs the agent to persist runtime errors and payload snippets into long-lived skill or planning documents. That can store sensitive BI details and alter future agent context without a clear opt-in boundary.
“遇到意外的错误立即把它落到 SKILL.md ... 或 ExecPlan 的 Surprises & Discoveries ... 含 task error 原文、payload 片段”
Make this logging opt-in, sanitize payloads and errors before saving, prefer task-scoped notes over SKILL.md edits, and review any persistent updates before keeping them.
Anyone or any process that can read the local config file may be able to access the BI instance with that account’s privileges.
The skill requires local plaintext Guandata BI credentials. This is disclosed and purpose-aligned, but it gives the agent access to the user’s BI account.
“配置文件: config.json(含明文凭据,已被 .gitignore 排除)” ... “login_id / password ✅”
Use a dedicated least-privilege BI account, protect file permissions on config.json, avoid sharing the skill directory, and rotate credentials if the file may have been exposed.
Poorly reviewed chart code could break dashboards, expose data inside the BI page, or create confusing UI behavior.
Custom HTML/CSS/JS injection is an explicitly advertised feature for BI chart development. It is purpose-aligned, but injected JavaScript can affect BI pages if unsafe.
“自定义图表 HTML/CSS/JS 注入、固定卡片/overlay、payload_json 取数、路由清理”
Review injected JavaScript, avoid third-party scripts unless trusted, test on copied pages first, and remove/debug overlay code after validation.
A tampered tarball could install untrusted skill code into the agent environment.
The artifacts document an optional dependency workflow involving manually transferred tarballs and removal of macOS quarantine metadata. Without checksum/signature verification in the provided evidence, this weakens provenance safeguards.
“从微信传 tarball 到 <bin> install-skill 的四步法” ... “xattr -dr com.apple.quarantine”
Prefer direct installation from a trusted registry or internal package source, verify checksums or signatures, and only remove quarantine after independently confirming the file’s origin.