Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

DataMaster Pro

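Data analysis skill pack - automatic fetching, cleaning, visualization, and report generation. Suited to data analysts and operations staff; say goodbye to manual Excel work.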

MIT-0 · Free to use, modify, and redistribute. No attribution required.
0 · 281 · 0 current installs · 0 all-time installs
Security Scan
VirusTotal
Suspicious
OpenClaw
Suspicious
medium confidence
Purpose & Capability
Name and description match the included scripts (data-fetch, data-clean, data-viz, report-generate). However SKILL.md and README reference helper CLI names like /data-fetch, install.bat, run.bat, package.json and other files that are not present in the provided manifest; the skill also advertises database connectors and scheduled tasks while the database function throws an error (it only documents drivers to install). These mismatches are likely sloppy packaging (missing wrapper binaries and supporting files) but are incoherent and should be resolved before trusting the package.
Instruction Scope
SKILL.md instructs running CLI commands and providing API tokens in configuration (expected for API scraping). The runtime instructions and scripts operate on user-provided URLs, files and headers only — there is no code that reads unrelated system files or secret environment variables. One caveat: the example config shows Authorization headers (expected for API access) but the skill does not request or require platform credentials. The instructions leave installation details vague (commands shown with leading slashes), giving the agent wide discretion to run unspecified commands if the user follows the examples.
Install Mechanism
There is no install spec in the registry entry (instruction-only), yet the SKILL.md/README assume npm install and mention install.bat/run.bat and package.json. The manifest does not include these helper scripts or package.json content. That mismatch means a user following SKILL.md could attempt to run non-existent installers or try to create global CLI wrappers themselves. Because nothing is downloaded at install time from external URLs, there is lower supply-chain risk, but missing packaging metadata is a deployment risk and could cause users to run ad-hoc install commands.
Credentials
The skill declares no required environment variables or credentials. The examples show Authorization headers for APIs (reasonable and expected). The scripts only use network (user-specified URLs) and local filesystem paths provided by the user; there is no request for unrelated credentials (AWS keys, system tokens, etc.).
Persistence & Privilege
The skill does not request always:true or any elevated platform privileges. It is user-invocable and does not attempt to modify other skills or system-wide configuration in the provided files. That said, report-generate.js uses child_process.execSync which can invoke external programs on the host when generating PDFs/HTML; that increases runtime risk if inputs are not controlled.
Scan Findings in Context
[child_process_execSync] expected: scripts/report-generate.js requires child_process.execSync. Calling external tools (e.g., pandoc/wkhtmltopdf) to render PDFs is plausible for report generation, so execSync is expected for the purpose — but it is a high-risk API if command strings include user-controlled values and are not sanitized. Inspect how execSync is used (which command is built and whether input filenames or template content are interpolated) before running.
[http_https_network_calls] expected: scripts/data-fetch.js uses http/https to fetch web pages and APIs — that is expected for a data-fetching skill. Ensure you only point it at trustworthy/authorized endpoints and are aware it will retrieve and save remote data to local disk.
What to consider before installing
What to check before installing/running:
  • Packaging: confirm package.json, install.bat/run.bat and any wrapper CLI scripts actually exist in the package. SKILL.md shows top-level commands like /data-fetch but the manifest only contains node scripts under scripts/; you will likely need to run node scripts/* directly or build/install wrappers yourself.
  • Exec usage: open scripts/report-generate.js and search for execSync calls to see what commands are executed. If filenames or template values are concatenated into shell commands, they can be exploited — avoid running with untrusted inputs or run in an isolated environment.
  • Missing files: many files referenced in docs (install.bat, run.bat, config.json, TUTORIAL.md) are not present in the manifest. Ask the publisher for the complete package or inspect the repository before use.
  • Network/data safety: the tool fetches arbitrary URLs and saves data locally. Only target endpoints you own or have permission to scrape; do not pass secrets to third-party or unknown endpoints. Use API tokens in environment variables or config files stored securely.
  • Run in sandbox first: execute on a non-production machine (or container) and inspect outputs (logs, generated files) and network traffic. Prefer running node scripts directly (node scripts/data-fetch.js etc.) so you control arguments.
If you want, I can: (1) point out exact lines where execSync is used and suggest safer alternatives, (2) analyze the full package.json if you provide it, or (3) produce a short checklist/commands to run this safely in a container.

Like a lobster shell, security has layers — review code before you run it.

Current version: v1.0.1
latestvk9791gd7dx3qhhthsgx8e5xqms8296tp

SKILL.md

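Data Analysis Skill Pack DataMaster Pro

One-line introduction

Automatically fetch data, clean it intelligently, visualize it in one click, and generate professional reports.

What problems does it solve?

  • Scattered data: manual copy-and-paste from multiple sources → one-click fetching and aggregation
  • Time-consuming cleaning: hours spent on Excel formulas → automatic detection and cleaning
  • Ugly charts: no visualization skills → professional charts generated in one click
  • Hard-to-write reports: unsure how to write the analysis → AI generates insights automatically

Feature list

  • 🌐 Data fetching: web scraping, API integration, database connections
  • 🧹 Data cleaning: deduplication, filling missing values, formatting, anomaly detection
  • 📊 Visualization: line charts, bar charts, pie charts, heat maps, scatter plots
  • 📝 Report generation: automatically generates data analysis reports (Markdown/HTML/PDF)
  • 🔄 Scheduled tasks: supports scheduled fetching and analysis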

Quick start

Installation

# Enter the skill pack directory
cd data-analysis-skill
npm install

Usage commands

# Fetch web page data
/data-fetch <URL> --selector "table.data"

# Fetch API data
/data-api <API_URL> --method GET --output data.json

# Clean data
/data-clean data.json --rules clean-rules.json

# Generate a visualization chart
/data-viz data.csv --type bar --title "销售趋势"

# Full analysis report
/data-report data.csv --template business --output report.md

Configuration example

{
  "sources": [
    {
      "type": "web",
      "url": "https://example.com/data",
      "selector": "table tbody tr",
      "schedule": "0 9 * * *"
    },
    {
      "type": "api",
      "url": "https://api.example.com/v1/data",
      "headers": {
        "Authorization": "Bearer TOKEN"
      }
    }
  ],
  "cleaning": {
    "removeDuplicates": true,
    "fillMissing": "mean",
    "normalizeColumns": ["price", "quantity"]
  },
  "visualization": {
    "defaultChartType": "bar",
    "colors": ["#4CAF50", "#2196F3", "#FF9800"],
    "width": 800,
    "height": 400
  }
}

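File structure

data-analysis-skill/
├── SKILL.md           # Skill definition (this file)
├── README.md          # Product description
├── TUTORIAL.md        # Step-by-step beginner tutorial
├── install.bat        # One-click install
├── run.bat            # One-click run
├── config.json        # Configuration example
├── package.json       # Dependency management
├── scripts/           # Core code
│   ├── data-fetch.js  # Data fetching
│   ├── data-clean.js  # Data cleaning
│   ├── data-viz.js    # Visualization generation
│   └── data-report.js # Report generation
├── templates/         # Report templates
│   ├── business.md    # Business report template
│   ├── technical.md   # Technical report template
│   └── weekly.md      # Weekly report template
└── examples/          # Example files
    ├── sample-data.csv
    └── sample-report.md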

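Core script descriptions

data-fetch.js - Data fetching

Supports three kinds of data source:

  • Web scraping: extracts table/list data with CSS selectors
  • API requests: GET/POST requests, with authentication support
  • Databases: MySQL/PostgreSQL/MongoDB connections

data-clean.js - Data cleaning

  • Deduplication and removal of empty values
  • Format standardization (dates, numbers, text)
  • Outlier detection and handling
  • Data type conversion

data-viz.js - Visualization

  • Automatically recommends the best chart type
  • Supports custom styles
  • Outputs SVG/PNG/HTML

data-report.js - Report generation

  • AI-driven data insights
  • Multiple templates to choose from
  • Supports export to Markdown/HTML/PDF

Intended users

  • Data analysts
  • Operations staff
  • Market researchers
  • Product managers
  • Finance staff

Pricing

  • Basic: ¥99 (web scraping + basic cleaning + 5 chart types)
  • Advanced: ¥199 (API integration + advanced cleaning + 10 chart types + report templates)
  • Professional: ¥299 (database connections + AI insights + custom templates + one-on-one guidance)

Developer: AI-Company Contact: via ClawHub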

Files

9 total