Skillv1.0.1

ClawScan security

保险Excel自动数据分析工具 · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

SuspiciousApr 26, 2026, 4:48 PM

Verdict: suspicious
Confidence: medium
Model: gpt-5-mini
Summary: The skill mostly matches its stated purpose (Excel EDA → charts → Word report) but it instructs the agent to call external LLM APIs (Kimi/DeepSeek) and use API keys that are not declared in the registry metadata — creating a mismatch and potential data-exfiltration risk for sensitive insurance data.
Guidance: This skill will run local Python scripts to analyze your uploaded Excel/CSV/JSON and will (if used as described) send the analysis summary and chart descriptions to third‑party LLM endpoints (https://api.moonshot.cn and https://api.deepseek.com) using KIMI_API_KEY / DEEPSEEK_API_KEY. Before installing or using it: (1) recognize that summary.json can include sensitive insurance data (PII, policy numbers, claim amounts); consider redacting or minimizing fields before sending; (2) verify and trust the external LLM providers' data retention/privacy policies; (3) prefer configuring API keys with least privilege and not in shared shells; (4) expect that registry metadata currently does NOT declare these env vars — ask the publisher to update requires.env to document credential needs; (5) run the scripts in an isolated environment or sandbox first and inspect summary.json output to confirm what would be sent. If you cannot trust the external LLM endpoints or need to keep data fully on-premise, avoid providing API keys or modify the workflow to use a local model or skip the external-insight step.

Review Dimensions

Purpose & Capability: noteThe name/description, scripts, and behavior align: analyze Excel/CSV/JSON, produce EDA, charts, and a Word report. However, the SKILL.md and references require KIMI_API_KEY / DEEPSEEK_API_KEY to produce AI insights, yet the registry metadata lists no required environment variables or primary credential — an inconsistency between claimed runtime requirements and the declared manifest.
Instruction Scope: concernRuntime instructions explicitly require the agent to (1) run local analysis scripts (analyze.py/export_report.py) and (2) call external APIs (Kimi/DeepSeek) with the generated summary and chart descriptions. Sending summary.json (which may contain PII/claims/customer data) to third‑party endpoints is outside simple local analysis and creates an exfiltration risk; the instructions do not include safeguards (redaction, minimization, or an explicit opt-in) before pushing data externally.
Install Mechanism: okNo install spec (instruction-only plus bundled scripts). The included Python scripts use only standard, well-known libraries (pandas, matplotlib, python-docx). Nothing is downloaded from remote URLs or installed automatically by the skill.
Credentials: concernThe skill requires third-party LLM API keys (KIMI_API_KEY, DEEPSEEK_API_KEY) to generate AI insights — these are proportionate to the declared AI-insight feature. But the registry metadata declares no required env vars/credentials, so the manifest underreports sensitive credential needs. Requiring API keys to send potentially sensitive summary data externally should be clearly declared and justified.
Persistence & Privilege: okalways is false and the skill is user-invocable; it does not request permanent platform presence or modify other skills. The scripts operate on local files and produce output files; no privileged or persistent system modifications are present.