ClawHub

vue-table-操作及导出

Security checks across static analysis, malware telemetry, and agentic risk

Overview

This skill is coherent for automating a Vue admin demo table, but it will log in, edit table rows, and save an Excel file, so it should only be run when those actions are intended.

Before running it, confirm you want the agent to log into the Vue admin demo, change importance values, and create an Excel file on the Desktop. If adapting this to a real admin system, add explicit user approval before edits and use scoped credentials.

Static analysis

No static analysis findings were reported for this release.

VirusTotal

VirusTotal findings are pending for this skill version.

View on VirusTotal

Risk analysis

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

#
ASI02: Tool Misuse and Exploitation
Low
What this means

Running the skill can change table records, not just read or export them.

Why it was flagged

The browser workflow is intended to modify records and repeat across pages. This is disclosed and purpose-aligned, but it is still a data-changing automation.

Skill content
修改重要性为 3 星 ... 点击确定按钮保存 ... 直到处理完所有需要的页面。
Recommendation

Run it only on the intended demo or test system, and add an explicit confirmation step before saving if adapting it to real data.

#
ASI03: Identity and Privilege Abuse
Low
What this means

The agent will act under that logged-in account's permissions.

Why it was flagged

The skill uses account credentials to log into the target site. The credentials are plainly disclosed and appear to be demo credentials for the named public app.

Skill content
登录系统(editor/123456) ... 登录凭据为 editor/123456
Recommendation

Use only the intended demo/test account; if using another system, provide narrowly scoped credentials and review permissions first.

#
ASI04: Agentic Supply Chain Vulnerabilities
Info
What this means

The workflow may fail unless openpyxl is already available, or the user may need to install it separately.

Why it was flagged

The instruction-only skill depends on openpyxl, but no install spec or packaged code is provided. This is disclosed and central to the Excel export purpose.

Skill content
使用 openpyxl 库创建和写入 Excel 文件
Recommendation

Use a trusted Python environment and install dependencies only from trusted package sources if needed.