Data Analysis Reporting
v0.1.0Turn raw business data (CSV, SQLite, spreadsheets, pasted tables) into clear analytical summaries, trend analysis, and actionable reports for small business...
⭐ 0· 13·0 current·0 all-time
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
Capability signals
These labels describe what authority the skill may exercise. They are separate from suspicious or malicious moderation verdicts.
OpenClaw
Benign
high confidencePurpose & Capability
Name/description (business data -> reports) aligns with the SKILL.md and spec. The skill only claims capabilities it documents (CSV/markdown/SQLite ingestion, summary stats, trends, cohorts, templates). It does not request unrelated credentials or binaries.
Instruction Scope
Runtime instructions focus on: asking clarifying questions, ingesting and validating only user-provided data, proposing a plan, running analyses, and producing reports. The SKILL.md explicitly forbids connecting to external systems without user setup and requires PII detection and exclusion. There are no instructions to read arbitrary system files or to transmit data to external endpoints.
Install Mechanism
No install spec and no code files — the skill is instruction-only, which minimizes attack surface. All files present are documentation and templates; nothing would be downloaded or executed on install.
Credentials
The skill declares no required environment variables, credentials, or config paths. That is proportionate for a paste-upload analysis tool that operates on user-supplied data.
Persistence & Privilege
always is false and there is no indication the skill requests persistent system privileges or modifies other skills. Agent autonomous invocation is allowed by default (platform behavior) but this skill does not request extra persistent presence.
Assessment
This skill is internally consistent and low-risk as an instruction-only analyzer, but consider these practical points before enabling it: (1) Do not paste sensitive PII or secrets — although the spec requires PII detection and exclusion, pasted sensitive values could be exposed in chat history; test on synthetic or redacted data first. (2) Verify the publisher/owner if you require provenance — the registry metadata shows no homepage and an unknown source. (3) If you plan to connect real production systems or enable automation later, require explicit user-configured connectors and audit those credentials separately. (4) Because it can be invoked autonomously (platform default), enable/disable the skill according to your agent autonomy settings if you want to limit automatic activations. Overall, the skill appears coherent with its stated purpose; treat it like a documentation-driven assistant and avoid sharing unrecoverable secrets or raw PII in prompts.Like a lobster shell, security has layers — review code before you run it.
latestvk97cdrthz5zwe49j5b7c9vhdns84czw3
License
MIT-0
Free to use, modify, and redistribute. No attribution required.