v1.1.0

Excel2Insights

Review: ClawScan verdict for this skill. Analyzed May 1, 2026, 7:33 AM.

Analysis

Excel2Insights mostly matches its stated local Excel-analysis purpose, but its documentation makes unsupported ClawHub “HIGH CONFIDENCE” approval claims for a mismatched version and uses undeclared, unpinned dependency setup.

Guidance: Review this skill before installing because its documentation overstates a security approval that is not substantiated by the supplied registry context. If you use it, install dependencies in an isolated environment, consider pinning package versions, and only process spreadsheets whose contents you are comfortable summarizing into local reports and images.

Findings (3)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

Abnormal behavior control

Checks for instructions or behavior that redirect the agent, misuse tools, execute unexpected code, cascade across systems, exploit user trust, or continue outside the intended task.

Human-Agent Trust Exploitation
Severity: Medium, Confidence: High, Status: Concern
README.md
ClawHub Security Rating: HIGH CONFIDENCE ... ✅ **ClawHub HIGH CONFIDENCE** 最高安全评级

The documentation makes strong security-approval claims, but the supplied registry context does not substantiate them for the evaluated v1.1.0 package and the README also references v1.0.8. This can overstate trust and discourage careful review.

User impact: A user may rely on the claimed security rating instead of reviewing the current package’s actual behavior and provenance.
Recommendation: Do not rely on the README’s rating claim unless it can be independently verified for this exact version; treat the current package as needing normal review.

Agentic Supply Chain Vulnerabilities
Severity: Low, Confidence: High, Status: Note
INSTALL.md
pip install pandas matplotlib openpyxl

The dependency installation is user-directed and expected for Excel analysis, but the packages are unpinned and the registry has no install spec declaring them.

User impact: Installing unpinned packages can pull newer or unexpected dependency versions from the package index.
Recommendation: Install in a virtual environment and consider pinning trusted versions of pandas, matplotlib, and openpyxl.

Tool Misuse and Exploitation
Severity: Info, Confidence: High, Status: Note
excel2insights.py
self.data = pd.read_csv(file_path) ... self.data = pd.read_excel(file_path) ... os.makedirs(viz_dir, exist_ok=True)

The tool reads user-specified spreadsheet files and writes local visualization outputs, which is expected for its purpose but still affects local files and potentially sensitive spreadsheet content.

User impact: Spreadsheet contents may be printed, analyzed, and saved into local reports or chart files.
Recommendation: Run it only on files you intend to analyze and choose an output directory where generated reports and images are acceptable.