majia-guanyuan

Pass. Audited by VirusTotal on May 13, 2026.

Overview

Type: OpenClaw Skill
Name: guanyuan-majia
Version: 2.1.0

The skill bundle is a comprehensive and well-documented toolset for managing Guandata BI (观远 BI) instances. It consists of a Python API client (scripts/guandata.py), a Node.js installer (bin/install.js), and extensive instructions for AI agents (SKILL.md). The code logic is entirely consistent with the stated goals of data querying, ETL management, and custom chart development. Sensitive credentials are managed locally via a gitignored config.json and are only transmitted to the user-specified BI endpoint. While the skill involves high-privilege operations like ETL modification and custom JS injection within the BI platform, these are legitimate features of the target system, and the instructions provided to the agent are focused on operational accuracy and error handling rather than malicious exploitation or data exfiltration.

Findings (0)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

If used with a privileged BI account, the agent could change or remove dashboards, datasets, or ETL pipelines.

Why it was flagged

The normal workflow includes raw Guandata BI API calls that create/update/run and delete ETL or dataset objects. These are high-impact production mutations, and the provided artifacts do not show mandatory confirmation, backup, or rollback controls.

Skill content

“POST /api/etl/direct-save” ... “DELETE /api/data-source/ must be issued before DELETE /api/etl/”

Recommendation

Use a least-privilege or test BI account, require explicit human approval for every write/delete/execute action, work on copied pages or folders first, and keep backups or rollback IDs.

What this means

Private business data or implementation details could be written into persistent local skill files and reused in later sessions.

Why it was flagged

The skill instructs the agent to persist runtime errors and payload snippets into long-lived skill or planning documents. That can store sensitive BI details and alter future agent context without a clear opt-in boundary.

Skill content

“When you hit an unexpected error, immediately record it in SKILL.md ... or in the ExecPlan's Surprises & Discoveries ... including the original task error text and payload snippets”

Recommendation

Make this logging opt-in, sanitize payloads and errors before saving, prefer task-scoped notes over SKILL.md edits, and review any persistent updates before keeping them.

What this means

Anyone or any process that can read the local config file may be able to access the BI instance with that account’s privileges.

Why it was flagged

The skill requires local plaintext Guandata BI credentials. This is disclosed and purpose-aligned, but it gives the agent access to the user’s BI account.

Skill content

“Config file: config.json (contains plaintext credentials; excluded via .gitignore)” ... “login_id / password ✅”

Recommendation

Use a dedicated least-privilege BI account, protect file permissions on config.json, avoid sharing the skill directory, and rotate credentials if the file may have been exposed.

What this means

Poorly reviewed chart code could break dashboards, expose data inside the BI page, or create confusing UI behavior.

Why it was flagged

Custom HTML/CSS/JS injection is an explicitly advertised feature for BI chart development. It is purpose-aligned, but injected JavaScript can affect BI pages if unsafe.

Skill content

“Custom chart HTML/CSS/JS injection, pinned cards/overlay, data fetching via payload_json, route cleanup”

Recommendation

Review injected JavaScript, avoid third-party scripts unless trusted, test on copied pages first, and remove/debug overlay code after validation.

What this means

A tampered tarball could install untrusted skill code into the agent environment.

Why it was flagged

The artifacts document an optional dependency workflow involving manually transferred tarballs and removal of macOS quarantine metadata. Without checksum/signature verification in the provided evidence, this weakens provenance safeguards.

Skill content

“The four-step method for getting a tarball from WeChat into <bin> install-skill” ... “xattr -dr com.apple.quarantine”

Recommendation

Prefer direct installation from a trusted registry or internal package source, verify checksums or signatures, and only remove quarantine after independently confirming the file’s origin.