Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
medium confidencePurpose & Capability
Name/description ('Excel 数据分析与可视化') match the included code and docs. Declared dependencies (pandas, matplotlib, openpyxl) are appropriate for reading Excel/CSV files and creating PNG charts. No unrelated credentials or binaries are requested.
Instruction Scope
SKILL.md is minimal and describes a local Excel analysis tool. The python source shown performs local file I/O (loading spreadsheets), analysis, and writes PNG reports—these actions are appropriate for the stated purpose. There are no instructions to read unrelated system files or environment variables in the visible content.
Install Mechanism
No install spec is provided (instruction-only skill), and INSTALL.md simply advises pip install of reasonable Python packages from PyPI. Nothing in the bundle attempts to download or execute remote archives.
Credentials
The skill requires no environment variables or credentials. The code as shown does not reference secrets or external service tokens. Requested resources (local files, output directories) are proportional to an analysis tool.
Persistence & Privilege
The skill does not request always:true and does not attempt to modify agent/system configuration in the visible files. It runs on demand and writes only analysis outputs (reports, PNGs) to local directories.
Assessment
This package appears coherent with its stated purpose (local Excel analysis and PNG report generation) and doesn't request credentials or network access in the visible files. Before installing or running it on sensitive data: 1) inspect the full excel2insights.py file (the review bundle truncated the file) and search for any network-related modules (requests, http, socket, urllib, ftplib) or for subprocess/os.system calls; 2) verify there is no obfuscated or dynamically generated code (eval/exec/compile imported from external sources); 3) install dependencies in an isolated virtualenv and run the tool on non-sensitive sample data first; 4) monitor outbound network activity (e.g., with a firewall or sandbox) the first time you run it; and 5) if you need higher assurance, request the full, untruncated source or run a static scan for any hidden IO or networking. If you find network calls or unexpected secret access in the remaining portion of the file, treat the skill as suspicious and do not run it on real data.Like a lobster shell, security has layers — review code before you run it.
latestvk973f4pqenq8jg7s1vxfe2ahbx834svf
License
MIT-0
Free to use, modify, and redistribute. No attribution required.