Full-Link Data Analysis
PassAudited by ClawScan on May 14, 2026.
Overview
The provided artifacts describe a coherent business data-analysis skill, with the main caution that it may run generated Python code and install Python packages.
This appears safe to use for ordinary business data analysis, but treat it like any tool that runs code over your data: use a sandbox or virtual environment, approve package installs, avoid giving unnecessary sensitive data or broad database/API access, and review the generated report before sharing it.
Findings (2)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Generated analysis code can access the files and Python environment available to the agent, so mistakes or overly broad data access could affect local data or outputs.
The skill explicitly directs the agent to generate and run Python code as part of the analysis workflow.
The Agent writes Python analysis code as needed... Write and execute Python script for selected method(s)
Run analyses in a controlled workspace or virtual environment, review unusual code or commands before execution, and provide only the data needed for the task.
Runtime package installation can change the Python environment and may fetch third-party code from package repositories.
The skill may install Python packages at runtime, but the artifacts do not provide a pinned dependency list or install specification.
Environment Check: `pip list` to confirm `pandas`, `numpy` availability; install missing packages
Approve package installs explicitly, use trusted package sources, and prefer a project-specific virtual environment with pinned versions.