STDF Reader
v1.0.0Parse and analyze STDF (Standard Test Data Format) semiconductor test files. Convert STDF to CSV/XLSX, generate analysis reports, correlation reports, PDF ch...
⭐ 0· 13·0 current·0 all-time
byJerry Zhou@showjim
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
Capability signals
These labels describe what authority the skill may exercise. They are separate from suspicious or malicious moderation verdicts.
OpenClaw
Benign
medium confidencePurpose & Capability
The name/description claim a CLI for parsing STDF files and the SKILL.md instructs installing and using a Python CLI (pip install stdf-reader) and running stdf-reader commands. There are no unrelated credentials, binaries, or config paths requested.
Instruction Scope
Runtime instructions are limited to installing the stdf-reader package and running its CLI commands against local STDF/CSV files. The guide does ask the user to source .venv (a conventional virtualenv path) but does not instruct reading unrelated system files or sending data to external endpoints. No broad or vague "gather arbitrary context" directives are present.
Install Mechanism
There is no formal install spec in the registry; SKILL.md instructs using pip to fetch stdf-reader from PyPI. This is a common approach but means the actual code executed will come from an external package (PyPI) that was not included for review—moderate supply-chain consideration.
Credentials
The skill declares no required environment variables, credentials, or config paths. The requested items (none) align with the described file-processing purpose.
Persistence & Privilege
The skill is not marked always:true and is user-invocable only. It does not request persistent system-wide config changes or other skills' credentials.
Assessment
This skill's instructions are coherent with its purpose, but it relies on installing the external PyPI package `stdf-reader` which was not bundled for review. Before installing or running: (1) verify the package on PyPI (author, download counts, recent releases) and inspect its source repository if available; (2) install and run it in an isolated virtualenv or disposable environment; (3) avoid giving it files that contain secrets or PII until you trust the package; (4) consider reviewing the package code for network activity or unexpected file access; and (5) if you need stronger assurance, request the skill owner to include the package source or a vetted install spec.Like a lobster shell, security has layers — review code before you run it.
latestvk97c6jch75vc6jrg5np83f8np984910m
License
MIT-0
Free to use, modify, and redistribute. No attribution required.