ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

table-structure-handler

v1.5.0

表结构Excel处理技能。当用户说"表结构处理"时触发。

0· 109·0 current·0 all-time
by@cztzb

Install

OpenClaw Prompt Flow

Install with OpenClaw

Best for remote or guided setup. Copy the exact prompt, then paste it into OpenClaw for cztzb/table-structure-handler.

Previewing Install & Setup.
Prompt PreviewInstall & Setup
Install the skill "table-structure-handler" (cztzb/table-structure-handler) from ClawHub.
Skill page: https://clawhub.ai/cztzb/table-structure-handler
Keep the work scoped to this skill only.
After install, inspect the skill metadata and help me finish setup.
Use only the metadata you can verify from ClawHub; do not invent missing requirements.
Ask before making any broader environment changes.

Command Line

CLI Commands

Use the direct CLI path if you want to install manually and keep every step visible.

OpenClaw CLI

Bare skill slug

openclaw skills install table-structure-handler

ClawHub CLI

Package manager switcher

npx clawhub@latest install table-structure-handler
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Suspicious
medium confidence
Purpose & Capability
The skill's stated purpose (processing Excel table-structure files) aligns with the large bundled libraries (openpyxl for Excel manipulation, pypinyin for Chinese pinyin handling) and data files describing headers and styles. However SKILL.md describes the skill as "instruction-only" (no install spec), which contradicts the presence of ~235 code files (scripts/lib/* and scripts/process_table.py). Bundling these libraries is plausible for this purpose, but the metadata/instruction mismatch is an inconsistency to be aware of.
Instruction Scope
The SKILL.md instructions are narrowly scoped: read the newest or specified .xlsx from /workspace/user_input_files/ and write a _processed.xlsx to /workspace/skills_output/. The described transformations (delete first row, insert columns F~N headers, styling, preserve A~E) are consistent with what openpyxl can perform. Instructions do not request other system files, credentials, or external endpoints.
Install Mechanism
No install spec is declared (reduces download risk), but the skill package already includes full third-party libraries (openpyxl 3.1.5, et_xmlfile, pypinyin) and a main script (scripts/process_table.py). Bundling is not inherently malicious but increases the code surface that will run locally; the package does not fetch code from the network during install according to provided metadata.
Credentials
The skill does not request any environment variables, credentials, or config paths. The declared inputs/outputs are only workspace paths, which is proportionate to Excel processing.
Persistence & Privilege
The skill is not always-enabled and allows user invocation. There is no indication it modifies other skills or system-wide settings. It writes outputs into /workspace/skills_output/ which is expected for its function.
What to consider before installing
This skill appears to do what it claims (Excel table-structure processing) and includes legitimate libraries (openpyxl, pypinyin). However: 1) the SKILL.md calls it "instruction-only" but the package contains ~235 code files — ask the author why code is bundled and request a source/homepage or repository for review. 2) Before using, review scripts/process_table.py (the main script) for any unexpected behaviors (network calls, reading paths outside /workspace/user_input_files/, or writing outside /workspace/skills_output/). 3) Test the skill first with non-sensitive sample files to confirm outputs and ensure no external communication happens. 4) If you must run it on sensitive data, consider running it in a restricted environment (isolated workspace, limited filesystem permissions) or request the upstream source so you or your security team can audit the code. Providing the author’s repository, digital signatures, or hashes for the bundled libraries would raise confidence.

Like a lobster shell, security has layers — review code before you run it.

latestvk9722ryzrbw7h3qq756m01ctkh83n3c0
109downloads
0stars
1versions
Updated 1mo ago
v1.5.0
MIT-0
@cztzb
latest
Download

table-structure-handler 表结构处理技能

触发词

  • "表结构处理"
  • "处理表结构"

功能说明

对上传到 user_input_files/ 的 Excel 表结构文件进行处理:

  1. 删除第一行(原表标题行)

  2. 在新的第一行 F 列起插入9列标准表头

    标题
    F表英文名称
    G表中文名称
    H数据类型
    I数据长度
    J数据精度
    K唯一性约束
    L创建索引
    M数据说明(不作为注释)
    N数据质量规则(不作为注释)

  3. 设置行高为 30

  4. 添加默认边框

  5. 自动调整 F~N 列列宽

  6. A~E 列原有数据完整保留

  7. 应用表格样式(根据 data/cellStyle.txt)

输入输出

类型路径
输入目录/workspace/user_input_files/
输入文件目录下最新的 .xlsx 文件,或用户指定文件名
输出文件/workspace/skills_output/ + 文件名_processed.xlsx

使用方式

上传文件到 user_input_files/,然后说:

"表结构处理"

指定文件名时:

"表结构处理 XXX.xlsx"

注意事项

  • 不覆盖原文件,输出带 _processed 后缀
  • 支持模糊文件名(如 表C.2.2 即可匹配完整文件名)
  • A~E 列数据原样保留

Comments

Loading comments...