Coding

Review

Audited by ClawScan on May 10, 2026.

Overview

This instruction-only coding skill is transparent about building a dashboard, but it also tells the agent to create database structures, insert user-provided data, and poll an external API without clear scope or approval steps.

Use this skill only if you intend the agent to create database structures, store the provided data, and build a dashboard that polls the listed external API. Before using it, define the exact database/collection, confirm the endpoint is trusted, and require approval before any database write.

Findings (3)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

The agent could modify a real database or persist data in a place the user did not intend if the environment exposes database tools.

Why it was flagged

The skill tells the agent to use database tools to create structures and insert the data it receives, but it does not specify the target database, approval workflow, isolation, or rollback limits.

Skill content

You need to call tools to create structures in the database... Be sure to insert the data passed to you into the created database structure.

Recommendation

Use only in a clearly scoped sandbox or approved project database, and require explicit user confirmation before schema creation or data insertion.

What this means

User-provided data may become persistent and later retrievable by the generated dashboard or related API.

Why it was flagged

The skill stores whatever data is provided into a created database structure; this is purpose-aligned for a dashboard, but the artifact does not describe retention, deletion, or reuse boundaries.

Skill content

Insert the data passed to you into the created database structure

Recommendation

Avoid providing sensitive data unless the storage location, retention policy, and deletion process are understood.

What this means

A deployed dashboard may repeatedly send session-scoped identifiers and collection names to the specified external service.

Why it was flagged

The generated dashboard is expected to call an external API with a session group identifier and collection name every 60 seconds; this is disclosed, but it is still an external session-scoped data flow.

Skill content

The API endpoint is: https://teamo-dev.floatai.cn/api/engine/generalDataApi, method="post", with input parameters {"session_group_id":"$SESSION_GROUP_ID$", "collection_name":${table name}}... Poll the API at 60-second intervals

Recommendation

Confirm the endpoint is trusted, do not expose session identifiers in public pages, and ensure polling is appropriate for the data and deployment context.