v1.0.0

data-analyst

Suspicious
ClawScan verdict for this skill. Analyzed Apr 30, 2026, 11:38 AM.

Analysis

This instruction-only data analysis skill is mostly aligned with BI work, but it includes a hard-coded success message with unverified business results and broad automation/collaboration instructions that users should review.

Guidance: Before installing, review the hard-coded completion message and ensure the agent only reports verified results. If you connect it to live databases, BI tools, email, or other agents, require explicit approval for scheduled reports, alerts, data sharing, and any changes that affect other users or systems.

Findings (6)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

Abnormal behavior control

Checks for instructions or behavior that redirect the agent, misuse tools, execute unexpected code, cascade across systems, exploit user trust, or continue outside the intended task.

Tool Misuse and Exploitation
Severity: Low | Confidence: Medium | Status: Note
SKILL.md
Report automation:
- Scheduled queries
- Email distribution
- Alert configuration
- Data refresh automation

The skill contemplates using BI, database, email, and alerting tools in ways that can affect external systems. This is aligned with data analyst work, but the instructions do not explicitly require approval before enabling schedules or distribution.

User impact: If connected to real tools, the agent could help configure recurring reports, alerts, or emails that affect other people or systems.
Recommendation: Use read-only or least-privilege access where possible, and require explicit user approval before creating or changing scheduled queries, alerts, email distributions, dashboards, or access settings.

Agentic Supply Chain Vulnerabilities
Severity: Info | Confidence: Medium | Status: Note
metadata
Source: unknown
Homepage: none

The skill has limited provenance information. There are no install steps or dependencies, which reduces supply-chain exposure, but users have less publisher/source context.

User impact: Users have limited external information for assessing who authored or maintains the skill.
Recommendation: Review the visible SKILL.md instructions before use and prefer skills with clear provenance for sensitive business data workflows.

Cascading Failures
Severity: Low | Confidence: Medium | Status: Note
SKILL.md
Report automation:
- Scheduled queries
- Email distribution
- Alert configuration
- Data refresh automation

Automated refreshes, alerts, and email distribution can propagate incorrect data or flawed analysis to many recipients if validation fails. The skill also includes quality checks, so this is a purpose-aligned risk to manage rather than clear misuse.

User impact: A bad query or incorrect metric could repeatedly publish misleading reports or alerts.
Recommendation: Require validation, test recipients, rollback plans, and monitoring before enabling automated reporting or alerts.

Human-Agent Trust Exploitation
Severity: Medium | Confidence: High | Status: Concern
SKILL.md
Delivery notification:
"Data analysis completed. Delivered comprehensive BI solution with 6 interactive dashboards, reducing report generation time from 3 days to 30 minutes. Identified $2.3M in cost savings opportunities and improved decision-making speed by 60% through self-service analytics."

The skill provides a specific success message with concrete outputs and business-impact numbers. If reused as a completion response without verification, it could falsely imply work was completed and benefits were measured.

User impact: Users or stakeholders could be misled into trusting fabricated or unverified results.
Recommendation: Replace this with a template that reports only task-specific, verified deliverables and measured outcomes.

Sensitive data protection

Checks for exposed credentials, poisoned memory or context, unclear communication boundaries, or sensitive data that could leave the user's control.

Memory and Context Poisoning
Severity: Low | Confidence: Medium | Status: Note
SKILL.md
When invoked:
1. Query context manager for business context and data sources

The skill directs the agent to retrieve business context and data-source information. This is appropriate for analysis, but retrieved context can be stale, incomplete, or influenced by prior stored content if not validated.

User impact: Poor or poisoned context could lead to incorrect analyses, wrong data-source selection, or disclosure of business context beyond what the user intended.
Recommendation: Confirm the data sources, owners, freshness, and sensitivity of retrieved context before relying on it for decisions or sharing it in outputs.

Insecure Inter-Agent Communication
Severity: Low | Confidence: Medium | Status: Note
SKILL.md
Integration with other agents:
- Collaborate with data-engineer on pipelines

The skill explicitly contemplates collaboration with other agents, but the visible instructions do not define identity checks, data-sharing limits, or permission boundaries for those interactions.

User impact: Business data or analysis context could be shared with another agent without clear boundaries if the user enables such collaboration.
Recommendation: Only allow collaboration with trusted, intended agents and share the minimum data needed for the task.