tableau
v0.1.0Expert on modern configuration converter — converts Excel/CSV/XML/YAML into Protobuf-backed JSON/Text/Bin configs via protogen + confgen pipeline. Trigger wh...
⭐ 0· 98·0 current·0 all-time
by@wenchy
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
high confidencePurpose & Capability
The name/description, references, and extensive docs all match a tool that converts spreadsheets into protobuf-backed configs. However the SKILL.md repeatedly instructs the agent to run the 'tableauc' CLI and to use an 'xlsx' skill to create .xlsx files while the registry metadata lists no required binaries. That is a minor coherence gap: the skill expects local tooling (tableauc) to be available but does not declare it.
Instruction Scope
Runtime instructions are narrowly scoped to creating input files under temp/, ensuring a config.yaml, and running protogen/confgen (tableauc -m proto/conf). The skill explicitly constrains working directory to temp/ and references local files under that directory. It does not instruct reading unrelated system files or asking for secrets. It does reference external GitHub docs for learning, which implies network access for documentation but not for exfiltration.
Install Mechanism
There is no install spec and no code files — the skill is instruction-only, so nothing will be downloaded or written by an installer. This minimizes install-time risk.
Credentials
The skill does not request environment variables, credentials, or config paths. The runtime instructions only require creating files in temp/ and running local commands; no sensitive environment access is requested.
Persistence & Privilege
The skill is user-invocable, not forced-always. It does not request persistent system-wide privileges or attempt to modify other skills' configuration. Autonomous invocation is allowed by platform default (disable-model-invocation: false) but is not combined with broad/privileged access here.
Scan Findings in Context
[no_code_files_to_scan] expected: The static scanner found no code because this is an instruction-only skill (SKILL.md + documentation files). That is expected for this kind of skill; absence of findings is not a guarantee of safety but is consistent with the skill's design.
Assessment
This skill is essentially a how-to for using the tableauc protogen/confgen pipeline. Before installing/using it: 1) Make sure you trust and have the tableauc binary available on the agent's system (the SKILL.md assumes you will run tableauc but the skill did not declare that binary). 2) If you want to avoid the agent executing local binaries or writing files, do not enable autonomous invocation for this skill or run it in a sandboxed environment — the instructions will create files under temp/ and run tableauc in that directory. 3) Verify any generated .proto/.json outputs yourself and confirm the tableauc binary you use comes from a trusted source (the skill's learning-resource GitHub links are helpful but the skill has no homepage or publisher details). 4) If you lack the tableauc CLI or the xlsx-producing capability the skill references, the skill will fail rather than installing anything malicious.Like a lobster shell, security has layers — review code before you run it.
latestvk978jx54ra2vx2fctyehqgy8xx83n5kq
License
MIT-0
Free to use, modify, and redistribute. No attribution required.