ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Ai Intelligent Data Catalog

数据目录,数据资产 + 元数据管理。

MIT-0 · Free to use, modify, and redistribute. No attribution required.
0 · 31 · 0 current installs · 0 all-time installs
by@yang1002378395-cmyk
MIT-0
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Suspicious
medium confidence
Purpose & Capability
Name/description (data catalog / metadata management) align with the SKILL.md features (asset registration, metadata collection, search). However the package has no homepage/source declared in metadata and the SKILL.md directs the user to clone a GitHub repo (external code) that is not included in the skill bundle; that mismatch is worth noting.
!
Instruction Scope
Runtime instructions explicitly tell the agent/user to git clone a repository and run pip install and python app.py. That means the agent would fetch and execute arbitrary third-party code at runtime — an action beyond simply calling APIs or running small helper commands and not validated as part of the skill. The instructions do not describe required credentials, config files, or network exposure that the cloned app may need.
!
Install Mechanism
There is no formal install spec, but SKILL.md instructs a git clone from GitHub and installing requirements.txt then running app.py. Fetching and executing external code is inherently higher risk even when hosted on GitHub; the skill does not include the repo contents for review and does not pin a commit or release.
Credentials
Skill declares no required environment variables or credentials, which is consistent with the provided metadata. However the external application the instructions install/run almost certainly will need configuration (DB credentials, API keys) that are not declared here — a potential omission that could lead to requesting sensitive credentials later.
Persistence & Privilege
The skill is not forced-always and is user-invocable only. Nevertheless the instructions start a Python web application (python app.py), which could create a long-running service on the host and open network ports. That persistent runtime behavior is not surfaced in the skill metadata and increases the attack surface.
What to consider before installing
This skill appears to be a legitimate data-catalog project but asks you to git clone and run an external GitHub repository that is not bundled with the skill. Before installing or running it: (1) Inspect the GitHub repository (source code, requirements.txt, README, recent commits, and issues) to confirm intent and safety. (2) Prefer cloning a pinned release or commit rather than HEAD. (3) Run the code in a sandboxed environment or VM (not on a production machine). (4) Be cautious about providing database credentials, API keys, or opening ports — only provide secrets that are strictly necessary and understand where they will be stored/used. (5) If you need higher assurance, request the repository contents be bundled with the skill or ask the author for a detailed security/privacy description.

Like a lobster shell, security has layers — review code before you run it.

Current versionv1.0.0
Download zip
chinesevk97etf1vrc53f4bnkng25yq09983t9m4latestvk97etf1vrc53f4bnkng25yq09983t9m4

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

📈 Clawdis

SKILL.md

AI 智能数据目录系统

描述

数据目录,数据资产 + 元数据管理。

功能

  • 数据资产(资产登记)
  • 元数据管理(自动采集)
  • 数据搜索(智能搜索)
  • 数据字典(字典管理)
  • 数据分类(分类标签)

定价

  • 基础版:¥199/月(100 表)
  • 专业版:¥999/月(1000 表)
  • 企业版:¥2999/月(无限表)

适用场景

  • 数据治理
  • 数据管理
  • 数据资产
  • 元数据管理

技术栈

  • Python + FastAPI
  • 元数据采集
  • 数据搜索
  • 分类标签

安装

git clone https://github.com/openclaw-skills/ai-intelligent-data-catalog
cd ai-intelligent-data-catalog
pip install -r requirements.txt
python app.py

创建:2026-03-13 作者:OpenClaw Skills Team

Files

2 total
Select a file
Select a file to preview.

Comments

Loading comments…