ClawHub

Resource Position Analysis

v1.0.0

Analyze conversion funnel data for frontend resource positions (banners, cards, popups) from exposure, click, and business conversion dimensions. Decompose d...

0· 64·0 current·0 all-time
by@wuyi-ding
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description match the actual behavior: a local Python script that reads an Excel file, computes funnel decomposition, and writes a Markdown report. Declared requirement (python3) and included files (analyze.py, requirements.txt, README, templates) are consistent with the stated purpose.
Instruction Scope
SKILL.md instructs the agent to run the bundled scripts/analyze.py against a user-provided Excel file and to read the generated Markdown report. It does not instruct reading unrelated system files, environment variables, or posting results to external endpoints. The path-resolution guidance (determine SKILL.md absolute path to locate the script) is slightly brittle but not a scope creep.
Install Mechanism
There is no platform install spec (instruction-only), but the bundled analyze.py will auto-install missing dependencies by calling pip (subprocess.check_call([sys.executable, '-m', 'pip', 'install', ...])). Auto-installing from PyPI is common for Python utilities, but it does perform network installs at runtime (supply-chain risk). The install mechanism does not download arbitrary binaries or from untrusted URLs; it uses pip and the declared packages (pandas, openpyxl).
Credentials
The skill requires no environment variables, no credentials, and no config paths. The script does not read or require unrelated secrets or tokens.
Persistence & Privilege
Flags are default (always:false). The skill does not request permanent system presence or modify other skills or global agent configuration. It runs as a one-off local analysis script.
Assessment
This skill appears to do what it says: run a local Python script to analyze an Excel file and produce a Markdown report. Before running it: 1) Review scripts/analyze.py (you already have it) or run it in an isolated environment to confirm behavior. 2) Prefer running inside a virtualenv or sandbox so the script's pip installs don't affect your global Python environment. 3) Be aware the script will run pip to install pandas/openpyxl from PyPI at runtime (standard but a supply-chain consideration); if you prefer, pre-install those packages from trusted sources first. 4) Only run the script on data you trust or after confirming it won’t be sent elsewhere—there is no evidence it exfiltrates data, but exercising caution with sensitive files is prudent. If you want higher assurance, ask the publisher for provenance (source repo or homepage) or request a signed release.

Like a lobster shell, security has layers — review code before you run it.

latestvk976tmtb840zqsjcnq1h27k1ch83mm6p

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

📊 Clawdis
OSLinux · macOS
Binspython3

Comments