中国汽车产销分析可视化
AdvisoryAudited by Static analysis on Apr 30, 2026.
Overview
No suspicious patterns detected.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
What this means
Installing unpinned packages can expose the user to dependency changes or supply-chain risk if a package version later becomes unsafe.
Why it was flagged
The skill relies on manually installed, unpinned PyPI dependencies. This is purpose-aligned for a Python dashboard, but package provenance and version pinning are not controlled by the skill artifacts.
Skill content
pip install akshare pandas matplotlib numpy
Recommendation
Install dependencies in a virtual environment and consider pinning trusted package versions before use.