ClawHub
Back to skill
v1.0.0

data-engineer

BenignClawScan verdict for this skill. Analyzed Apr 30, 2026, 12:43 PM.

Analysis

This is an instruction-only data engineering helper with no installer, code files, or credential requests, though users should treat the example overwrite write pattern carefully.

GuidanceThis skill appears safe to install as an instruction-only data engineering assistant. Review any generated pipeline code before applying it to production systems, especially examples that overwrite data, and consider the limited source provenance when deciding whether to rely on it for critical workflows.

Findings (3)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

Abnormal behavior control

Checks for instructions or behavior that redirect the agent, misuse tools, execute unexpected code, cascade across systems, exploit user trust, or continue outside the intended task.

Tool Misuse and Exploitation
SeverityLowConfidenceHighStatusNote
references/examples.md
processed_df.write.mode("overwrite").parquet(output_path)

The reference Spark pattern writes using overwrite mode. This is a normal data engineering pattern for controlled batch rebuilds, but it is a destructive data API if copied to an existing output path without safeguards.

User impactIf reused without review, generated or copied pipeline code could replace existing processed data at the chosen output path.
RecommendationBefore running similar code, confirm the destination path, use staging or backups for important data, and prefer explicit user approval for production overwrites.
Agentic Supply Chain Vulnerabilities
SeverityInfoConfidenceHighStatusNote
metadata
Source: unknown; Homepage: none

The published skill has limited provenance information. Because it has no install spec, code files, or external dependencies, this is a provenance note rather than a concrete malicious supply-chain behavior.

User impactUsers have less external context for who maintains the skill or where its source is hosted.
RecommendationFor production use, prefer skills with clear source provenance or review the included markdown artifacts directly before relying on them.
Cascading Failures
SeverityLowConfidenceHighStatusNote
references/examples.md
processed_df.write.mode("overwrite").parquet(output_path)

A wrong or overly broad output_path in an overwrite operation could replace a downstream dataset. The example is purpose-aligned, but it does not show staging, rollback, or production guardrails.

User impactIf adapted carelessly, a pipeline could propagate missing or incorrect data to downstream reports, jobs, or consumers.
RecommendationUse validation gates, staged writes, backups, rollback plans, and clear production approvals when adapting overwrite-based pipeline examples.