ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Excel Auto Clean

v1.0.1

自动整理Excel表格、去重、排序、生成报表

0· 142·1 current·1 all-time
by橙子@sfxia
Security Scan
VirusTotalVirusTotal
Pending
View report →
OpenClawOpenClaw
Suspicious
high confidence
!
Purpose & Capability
The SKILL.md describes straightforward Excel operations (remove blanks, dedupe, sort, save). The code's main logic delegates to require('./excel-handler'), but that file is not included in the package. This means the implementation required to perform the stated work is missing — the package as distributed cannot actually do what it claims.
!
Instruction Scope
SKILL.md asks the agent to let the user pick a file, read/modify it, and 'save new file to desktop' — which implies filesystem read/write of user files. The code returns a success message '新文件已保存至桌面' without showing any file operations (those would be in the missing excel-handler). Because the actual file-handling code is absent, it's unclear what would run and what data would be written or transmitted.
Install Mechanism
There is no install spec and no external downloads; the skill is instruction/code-only. The only external require is '@clawhub/skill-sdk', which the code comments claim is provided by the platform. No third-party fetches or archive extraction are present in the repo.
Credentials
The skill declares no required environment variables and no config paths. The code uses a platform billing SDK (SkillPay) and assumes the platform injects the SkillPay API key; this is plausible for platform-hosted skills. There are no explicit requests for unrelated credentials, but the payment flow means users will be asked to complete a purchase via a generated payUrl — verify that URL comes from the platform.
Persistence & Privilege
The skill does not request always:true, does not declare persistent system-wide modifications, and does not ask to change other skills' configs. It follows the platform default that allows autonomous invocation, which by itself is not a new concern.
What to consider before installing
Do not install or pay for this skill yet. Key issues: (1) the core implementation (./excel-handler) is missing — the package cannot perform the Excel operations it advertises; (2) the code performs payment checks and will present a pay link — confirm the payUrl originates from the platform before paying; (3) SKILL.md intends to write a new file to your Desktop — ask for explicit details about where files will be saved and whether existing files may be overwritten; (4) request the missing excel-handler source or a complete package so you can review file I/O and any network calls the handler might make; (5) if you test it, use non-sensitive sample files and back up originals. If the publisher cannot provide the missing file or a trustworthy explanation, treat the skill as incomplete and avoid using it.

Like a lobster shell, security has layers — review code before you run it.

latestvk972x9jnps1314vse27e51afr183mgt4
142downloads
0stars
2versions
Updated 3w ago
v1.0.1
MIT-0
橙子@sfxia
latest
Download

功能

  1. 打开Excel文件
  2. 自动删除空行空列
  3. 自动去重
  4. 自动按第一列排序
  5. 自动生成汇总报表
  6. 保存为新文件

执行流程

请按顺序执行:

  1. 让用户选择Excel文件
  2. 读取数据
  3. 清理格式、删除空行
  4. 重复数据去重
  5. 按关键字段排序
  6. 生成数据统计表
  7. 保存新文件到桌面
  8. 告诉用户整理完成

Comments

Loading comments...