ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Csv Analyzer

v1.0.0

Analyze CSV/Excel files with natural language. Get statistics, filter rows, find anomalies, generate summaries, and export results. No pandas needed — uses P...

0· 818·5 current·6 all-time
byShihao Jiang (Zac)@zacjiang
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description (lightweight CSV analysis) align with the included Python script and SKILL.md. The script implements stats, filtering, top/bottom, anomaly detection, grouping, and export using only the Python stdlib — consistent with the stated purpose. No extraneous env vars, binaries, or config paths are requested.
Instruction Scope
SKILL.md instructs running the included script against local CSV files; the script only reads supplied file paths and writes an optional output CSV. There are no network calls or references to unrelated system files. Minor note: the filter implementation uses eval(...) for numeric comparisons, but the operator token is constrained by a regex to a small set of comparison operators, and values are cast to float for numeric comparisons, so risk is limited. Also, the filter regex restricts column names to \w+ (no spaces/special chars), which is a usability limitation rather than a security mismatch.
Install Mechanism
No install spec; the skill is instruction-only with a single Python script included. Nothing is downloaded or written at install time.
Credentials
The skill requires no environment variables, credentials, or config paths — appropriate for a local CSV analyzer that operates on user-supplied files.
Persistence & Privilege
always is false and the skill does not request persistent/system-wide changes. It does not modify other skills or agent config; standard autonomous invocation settings apply.
Assessment
This skill appears to be what it says: a lightweight, local CSV analyzer. Before installing or running it, consider: (1) it will read any file path you provide — don't point it at system secrets or files you don't want processed; (2) outputs are written as CSV and opening them in spreadsheet software can expose CSV/Excel formula-injection risks if the source data contains formulas (sanitize or inspect exported files before opening in Excel); (3) the filter command limits column names to alphanumeric/underscore (no spaces) and numeric comparisons use eval on a constrained operator token — while that is limited, avoid running it on untrusted or specially-crafted files if you have strong threat concerns; (4) for very large files (>100MB) this script loads into memory and may be slow; consider using a streaming tool or pandas for big datasets. Overall, there are no hidden network endpoints or credential requests, and the code matches the documentation.

Like a lobster shell, security has layers — review code before you run it.

latestvk97egmn6x80cjw4y54hcdcysnd82ej2w

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments