Data Mover Skill
Warn
Audited by ClawScan on May 10, 2026.
Overview
This skill is not overtly malicious, but it can capture your screen and automate bulk clipboard/keyboard data entry into business systems without clear limits, approvals, or rollback controls.
Only use this in a controlled environment first. Disable scheduled/hotkey runs, start with dry-run and small batches, restrict screenshots to selected regions, verify mappings before writes, back up target systems, and inspect/delete generated screenshots, logs, and result files.
Findings (7)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
A bad OCR result, wrong mapping, or wrong active window could quickly submit or overwrite business records.
The skill tells the agent to drive the user interface and move data into arbitrary systems at high speed. The artifacts do not define confirmation gates, allowed targets, rollback, or maximum mutation scope.
Simulate keyboard and mouse operations ... batch processing (100+ records/minute) ... automatic retry on error ... Excel/Google Sheets → any system
Use only with explicit source/target selection, small batches, dry-run first, and human approval before writing to CRM/ERP/database systems.
The skill could move or enter data when the user does not expect it, especially if the wrong application or account is active.
Recurring and global-trigger automation for data movement can operate outside a single deliberate user request. The artifacts do not describe stop conditions, disable controls, or mandatory confirmation before each run.
Scheduled trigger: run at a fixed time every day ... Hotkey trigger: configure a global hotkey (e.g. F12)
Do not enable scheduled or hotkey execution unless there is a visible prompt, easy disable control, narrow task scope, and audit trail for each run.
One incorrect interpretation can become many incorrect records in downstream systems.
The workflow combines learned/automatic mapping, bulk speed, and retry behavior. If a mapping or OCR result is wrong, the error can propagate across many records and systems.
Automatically identify field mappings ... learn user operating habits ... batch processing (100+ records/minute) ... automatic retry on error
Require preview, sample validation, batch caps, error-stop behavior, and a rollback/export report before modifying production data.
Actions may be performed with the user's full privileges in CRM, ERP, database, or web systems.
The skill is intended to act inside third-party business systems, likely using the user's current application/session privileges through GUI automation. The artifacts do not define scoped accounts, target permissions, or approval boundaries.
Excel/Google Sheets → any system ... email → CRM/ERP ... web forms → database
Use least-privilege test accounts or sandbox systems first, and avoid granting the skill access to production sessions until target-specific boundaries are defined.
Sensitive information visible on screen could remain in local screenshot files and be exposed or reused later.
The code saves screen captures to local image files. Full-screen captures may include unrelated private data, and the artifacts do not specify retention, exclusions, cleanup, or encryption for these captured contexts.
filename = f"screenshot_{timestamp}.png" ... screenshot = pyautogui.screenshot() ... screenshot.save(filename)
Capture only selected regions, store outputs in a dedicated protected folder, automatically clean up screenshots, and document encryption/retention behavior.
Users may over-trust the safety of storing or processing sensitive business data with this skill.
The skill makes strong privacy/security claims, but the provided artifacts do not define how encryption, retention, or log redaction is enforced while the code writes screenshots and the documentation advertises detailed logs/results.
Local processing, data does not leave the country ... sensitive data stored encrypted
Treat the privacy claims as unverified unless encryption, cleanup, logging scope, and data-retention controls are documented and tested.
Users must manually trust the included code and any separately installed dependencies.
The skill includes runnable Python code and dependencies, but the registry does not provide a trusted install spec or source provenance. This is not malicious by itself, but it increases review burden.
Source: unknown ... No install spec — this is an instruction-only skill.
Review the code and install dependencies from trusted package sources in an isolated environment before use.
