Pugongying Data Skill
Security checks across static analysis, malware telemetry, and agentic risk
Overview
This appears to be a coherent data-engineering workflow skill with local file-generation and optional shell setup steps, but no provided artifact shows credential misuse, exfiltration, or destructive behavior.
This skill is reasonable for data-engineering assistance. Before installing, be prepared to review generated files, optional initialization scripts, SQL, ETL, and any deployment-related suggestions; run commands only in a scoped workspace and keep secrets out of generated YAML packages.
Static analysis
No static analysis findings were reported for this release.
VirusTotal
VirusTotal findings are pending for this skill version.
Risk analysis
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If invoked, the skill may propose or perform local file edits and commands as part of creating data-engineering artifacts.
The skill documents broad local read/write and command capabilities for architecture workflows.
工具权限:Read, Grep, Glob, Edit, Write, Bash
Run it in a scoped project workspace and review generated edits, SQL, ETL, and commands before approval.
Running the helper script can create or modify files in the target directory.
The skill provides a user-directed shell script command to initialize a project skeleton.
bash .claude/skills/architecture-designer/scripts/init-project.sh ./data-platform "企业级数据平台"
Inspect the init script first and run it only in the intended project directory.
Incorrect or unreviewed upstream package files may propagate through the workflow and affect later generated outputs.
The suite is designed to pass outputs between modules automatically, so upstream mistakes can influence downstream generated SQL, ETL, data-quality, and testing artifacts.
本Skill套件包含智能联动中枢,支持模块间自动数据流转
Review each generated package file before using it as input to the next stage, especially before deployment-related steps.
Those files can carry sensitive project details or misleading instructions into later steps if not reviewed.
The skill persists structured YAML outputs that become context for later module invocations.
每个模块输出标准化的YAML包文件,便于模块间数据交换
Keep generated package files in a controlled project folder, review their contents, and do not include credentials or secrets.