d3-visualization

v0.1.0

Build deterministic, verifiable data visualizations with D3.js (v6). Generate standalone HTML/SVG (and optional PNG) from local data files without external n...

⭐ 0· 41·0 current·0 all-time

by@wu-uk

MIT-0

Download zip

LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.

Security Scan

Capability signals

CryptoCan make purchases

These labels describe what authority the skill may exercise. They are separate from suspicious or malicious moderation verdicts.

VirusTotal

Benign

View report →

OpenClaw

Benign

medium confidence

ℹ

Purpose & Capability

The files and instructions align with a D3 visualization helper: example charts, tooltip handlers, and rules for deterministic output. Minor inconsistency: the top-level description mentions D3 v6 while the SKILL.md and recommended vendor filename pin d3 v7.9.0.

✓

Instruction Scope

SKILL.md confines actions to reading local data files (*.csv, *.tsv, *.json), producing static output under dist/, and vendoring D3 locally (explicitly forbids CDNs). It does not instruct reading unrelated system files, exfiltrating data, or accessing credentials.

ℹ

Install Mechanism

This is instruction-only (no install spec), which is low-risk. However SKILL.md expects a vendored D3 bundle (vendor/d3.v7.9.0.min.js) but provides no automated install or vendor file — the operator/agent must supply it or bundle the dependency manually.

✓

Credentials

No environment variables, secrets, or external credentials are requested or required; the scope is proportionate to producing offline visualizations.

✓

Persistence & Privilege

The skill is not always-enabled and has no special persistence or elevated privileges. It does not modify other skills or system-wide settings.

Assessment

This skill is generally coherent for generating deterministic D3 visualizations from local data, but consider the following before installing/using: 1) D3 version mismatch — the metadata mentions v6 while SKILL.md pins v7.9.0; confirm which version you want and ensure example code is compatible. 2) No install/vendoring steps are provided — SKILL.md expects you to vendor d3 (vendor/d3.v7.9.0.min.js) or bundle it with a lockfile; make sure the required D3 file is supplied locally (the skill forbids CDNs). 3) Example code fetches data via relative paths (e.g., /data/stocks.csv) — verify your deployment will serve those files over HTTP or adapt the code to inline data. 4) Force-directed layouts can be non-deterministic unless you follow the given determinism rules; review the examples (they use forceSimulation) and test reproducibility. 5) There are no network exfiltration patterns in the files, but if you plan to run the skill in an environment with sensitive local files, ensure only intended data files are used. If you want higher confidence, ask the author to: (a) resolve the D3 version inconsistency, (b) include an explicit vendoring/install step or bundled vendor file, and (c) confirm the intended data file paths and hosting model.

Like a lobster shell, security has layers — review code before you run it.

latestvk9790w5zbzzg0ewj8en8z4prrx84t76f

License

MIT-0

Free to use, modify, and redistribute. No attribution required.

Termshttps://spdx.org/licenses/MIT-0.html

d3-visualization

License

Comments