Ai Intelligent Data Governance

Pass

Audited by ClawScan on May 1, 2026.

Overview

The provided skill artifact has no code or automatic behavior, but it is a sparse data-governance README that points to external code and sensitive data/permission features users should review.

The provided artifact itself does not show malicious code, credential theft, or automatic harmful behavior. Before using it, verify the external GitHub repository and dependencies, confirm who maintains it, and only connect enterprise data sources with least-privilege credentials and clear retention/approval rules.

Findings (4)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

If you follow the setup commands, you may execute code and dependencies that were not included in this artifact review.

Why it was flagged

The skill is otherwise instruction-only and includes no reviewed application code, so following this setup would run dependencies and application code from an external repository. This is purpose-aligned setup documentation, but it is a supply-chain/provenance point users should verify.

Skill content

git clone https://github.com/openclaw-skills/ai-intelligent-data-governance
cd ai-intelligent-data-governance
pip install -r requirements.txt
python app.py

Recommendation

Review the GitHub repository, pin a trusted commit and dependency versions, and only run the app in an environment appropriate for enterprise data.

What this means

If granted broad credentials later, the system could affect access to sensitive business data or data-source permissions.

Why it was flagged

The advertised system may manage permissions across multiple enterprise data sources. That authority is expected for a data-governance product, but the artifacts do not specify credential scopes, approval rules, or reversibility.

Skill content

- Data security (permission management)
- Basic edition: ¥299/month (10 data sources)
- Enterprise edition: ¥4999/month (unlimited data sources)

Recommendation

Use least-privilege credentials, prefer read-only access by default, and require explicit human approval for any permission changes.

What this means

Cataloged metadata could reveal sensitive system names, schemas, ownership, or data-flow relationships if handled too broadly.

Why it was flagged

Lineage tracking and asset catalogs can persist and reuse metadata about enterprise data sources. This is core to data governance, but users should decide what metadata may be indexed, retained, or reused.

Skill content

- Data lineage (source tracking)
- Data assets (asset catalog)

Recommendation

Define retention, access controls, exclusions, and review processes before connecting sensitive data sources.

What this means

Users might assume the external repository is officially maintained without independently checking publisher provenance.

Why it was flagged

The README uses an official-sounding author label, while the provided skill.json lists a different author. This is not proof of deception, but it makes provenance worth verifying before trusting the external install source.

Skill content

Author: OpenClaw Skills Team

Recommendation

Verify the publisher, repository ownership, and release provenance before installing or connecting enterprise data.