Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
data-bird
v1.0.0 Lightweight data-analysis Agent. Supports workspace tables and CSV/Excel files downloaded over http(s); generates ECharts charts and written conclusions from natural-language requests. (Public release notes)
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Verdict: Suspicious (high confidence)
Purpose & Capability
The name/description (CSV/Excel → charts & reports) match the shipped code (data loading, analysis, charting, report generation). However, the runtime instructions ask the agent to download arbitrary http(s) URLs (explicitly including intranet and localhost addresses) using shell curl rather than a platform fetch utility; that choice is not necessary for the described capability and increases risk.
Instruction Scope
SKILL.md tells the agent to run exec commands (mkdir, curl, python scripts) and to search workspace and skill directories for files. It explicitly instructs downloading 'any downloadable URL (including intranet and localhost)' with curl, and to prefer shell fetch over the (presumably safer) platform web_fetch. This gives the skill the ability to access internal endpoints and arbitrary local files and to write to workspace paths, which is broader than a minimal CSV-analysis scope.
Install Mechanism
No install spec (instruction-only install), which lowers install-time risk. A requirements.txt is present (pandas, MySQL connector, plotting/PDF libraries), which is proportionate to a data analysis/reporting tool. No remote arbitrary binary downloads were observed in the install metadata.
Credentials
The skill declares no required env vars or credentials (good). The code does read optional env vars (OPENCLAW_WORKSPACE, FILE_DOWNLOAD_BASE) to locate workspace roots and will write artifacts there. DataAgent supports MySQL if the user supplies a DB config; that is expected. Still, the ability to curl arbitrary URLs and to read filesystem paths means sensitive internal endpoints or files could be accessed if misused.
Persistence & Privilege
always:false with normal autonomous invocation. The skill writes reports into workspace/output directories (expected for reporting). It does not request to modify other skills or agent-wide settings, nor does it declare always:true.
What to consider before installing
This skill appears to implement legitimate CSV/Excel analysis, but the SKILL.md explicitly tells the agent to use shell curl to download arbitrary URLs (including internal / localhost) and to scan workspace directories. That pattern enables SSRF/internal scanning and potential data exfiltration if an attacker supplies a malicious URL or if the agent is tricked into fetching internal endpoints. Before installing or enabling this skill:
- Prefer a version that uses the platform's safe HTTP fetch helper (web_fetch) or vetted SDK rather than exec curl. Ask the author to remove the explicit 'use curl' instruction.
- Do not provide sensitive URLs, database credentials, or paths unless you run the skill in an isolated environment.
- Audit config.yaml and ensure enable_mysql is false unless you intentionally provide DB credentials; limit max_rows/max_file_mb to safe values.
- Run the skill in a sandboxed agent (no access to production internal networks) or review/execute the code in an offline environment first.
- If you must use it, inspect the code paths that handle downloads and file I/O (scripts/main.py, report_artifacts.py, data_agent.py) and consider enforcing allowlists for download domains and filesystem paths.
Runtime requirements: Clawdis