ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Data Model Designer

v1.0.1

面向中国建设工程项目的数据模型设计工具。创建实体关系图、定义数据模式、生成数据库结构,符合GB/T标准体系。

0· 12·0 current·0 all-time
by@ruiyongwang
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Suspicious
medium confidence
Purpose & Capability
The SKILL.md describes and documents a coherent tool for creating entities, relationships, and generating SQL/JSON schemas for construction projects (including GB/T references). That purpose matches the code samples and instructions. However, package metadata is inconsistent across files: SKILL.md uses 'cn-construction-data-model' while claw.json and _meta.json use 'data-model-designer'; ownerId values differ between registry metadata and _meta.json; and version numbers do not match. These discrepancies reduce provenance confidence and should be explained.
Instruction Scope
instructions.md and the visible SKILL.md content focus on receiving user-provided data (CSV/Excel/JSON/direct input), validating it, and generating schemas and reports. There are no instructions (in the visible content) to read arbitrary system files, call external endpoints, or exfiltrate data. The SKILL.md explicitly says to only use user-provided data.
Install Mechanism
This is an instruction-only skill with no install spec and no code files that would be downloaded/executed by the platform. That reduces installation risk.
Credentials
The skill declares no required environment variables or credentials, which is appropriate. However, claw.json lists a 'permissions' entry of ["filesystem"]. That implies the skill requests filesystem access (read/write). Filesystem access can be reasonable for processing user-uploaded project files, but it is broader than 'no required config paths' and should be justified: confirm whether access is limited to user-supplied file paths or if it can read arbitrary host files.
Persistence & Privilege
The skill is not 'always' enabled, does not declare persistence or system-wide configuration changes, and does not request other skills' credentials. Autonomous invocation is allowed (platform default) but does not combine here with other high-risk indicators.
What to consider before installing
Before installing or using this skill: 1) Ask the publisher to explain and reconcile metadata mismatches (name/slug/version/owner) and provide a homepage or source repository for verification. 2) Confirm what 'filesystem' permission means in practice — insist access be limited to user-provided file paths and temporary working directories; avoid granting access to system or home directories. 3) Don't feed sensitive credentials or production data until provenance is confirmed; test the skill with synthetic or non-sensitive sample projects in a sandbox. 4) Prefer skills with consistent metadata, a verifiable publisher, and an audit trail (homepage, repo, changelog). If the publisher cannot explain the inconsistencies and the filesystem access scope, treat the package as untrusted.

Like a lobster shell, security has layers — review code before you run it.

latestvk97a47h7810maf9gtq1bva4cw9848061

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments