Skillv1.0.0

ClawScan security

传输单边故障日报报表生成器 · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

BenignApr 29, 2026, 4:30 AM

Verdict: benign
Confidence: high
Model: gpt-5-mini
Summary: The skill is internally consistent: it documents and includes a Python script that reads a local Excel input, computes per-period statistics, and writes a formatted Excel report; it does not request credentials, network access, or unusual installs.
Guidance: This skill appears to do exactly what it says: read an input .xlsx, compute per-assessment-period statistics, and write a formatted Excel workbook. Before running: (1) review and, if needed, update INPUT_DIR and OUTPUT_DIR constants in scripts/generate_assessment_period_report.py so they point to the intended locations (the defaults point to /Users/ahs/.openclaw/workspace/...); (2) inspect the script yourself to confirm there are no modifications that would access other files or external endpoints; (3) install dependencies with pip in an isolated environment (virtualenv) and test on a copy of your data; (4) avoid pointing the script at directories containing sensitive files you don't want processed or overwritten. There are no network calls or credential requests in the supplied code, so the main remaining risk is accidental file overwrite or incorrect input paths — back up data before running.

Purpose & Capability: okName/description match the included artifacts: SKILL.md, a reporting script and helper files. Declared requirements (python3, pandas, openpyxl) align with the script's functionality. No unrelated binaries or credentials are requested.
Instruction Scope: okSKILL.md and scripts instruct the agent to read local Excel files, compute statistics, and write Excel output. The instructions and code reference only local file I/O and DataFrame operations; there are no instructions to collect extra system state, read other config files, or transmit data externally. Example_usage.py spawns the script as a subprocess (expected).
Install Mechanism: okNo install spec is provided; dependencies are standard Python packages (pandas, openpyxl) installed via pip in the documentation. No network downloads or extraction from arbitrary URLs are present in the files provided.
Credentials: okThe skill requires no environment variables or credentials. The script uses hard-coded local paths (under /Users/ahs/.openclaw/workspace) which is an environment assumption but not a request for secrets.
Persistence & Privilege: okalways is false, and the skill does not attempt to modify other skills or system-wide configurations. It only writes output Excel files to the local workspace directories it is configured to use.