Back to skill
Skillv1.0.52
ClawScan security
Ai Data Visualization · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
SuspiciousMar 16, 2026, 3:49 AM
- Verdict
- suspicious
- Confidence
- medium
- Model
- gpt-5-mini
- Summary
- The skill's description promises automated AI data‑visualization capabilities, but the provided SKILL.md contains only marketing text and no runtime instructions, code, or required credentials — the pieces don't add up.
- Guidance
- This package appears to be a placeholder or marketing entry rather than an actionable skill. It makes functional claims but provides no code, runtime instructions, or configuration to actually perform those tasks. Before installing or enabling it: 1) ask the publisher for a detailed SKILL.md that shows runtime steps (APIs, commands, required env vars, endpoints), or provide source/homepage links; 2) require proof of how data is accessed/processed (do they call an external API? which one?); 3) never supply credentials unless you understand why they are needed; and 4) treat this as low technical risk but functionally useless until clarified — avoid enabling it for autonomous use until you get concrete implementation details.
Review Dimensions
- Purpose & Capability
- concernThe name/description claim concrete functionality (AI analysis, multi-format batch processing) but the skill requests no binaries, env vars, config paths, install steps, or code — you would expect APIs, libraries, CLI tools, or instructions to be declared for those features.
- Instruction Scope
- concernSKILL.md is marketing/price/ROI text and contains no runtime instructions for the agent (no commands to run, no APIs to call, no file paths to read/write). There is no guidance that would enable autonomous operation.
- Install Mechanism
- okNo install spec and no code files — lowest installation risk. Nothing will be written to disk by a packaged installer because none is provided.
- Credentials
- noteThe skill requests no environment variables or credentials; that is low risk but also inconsistent with the described capabilities (no justification for how it would access data or services).
- Persistence & Privilege
- okalways is false and the skill is user-invocable only; it does not request elevated or persistent platform privileges.