Back to skill
Skillv1.0.23
ClawScan security
Data Analyst Cn · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
BenignMar 17, 2026, 5:58 AM
- Verdict
- benign
- Confidence
- high
- Model
- gpt-5-mini
- Summary
- The skill is an instruction-only Chinese data-analysis helper that is internally consistent with its stated purpose and only requires python3; nothing requested appears disproportionate or unrelated.
- Guidance
- This is an instruction-only data-analysis helper that provides Python templates and expects python3. Before using: ensure your environment has the needed Python libraries (pandas, matplotlib/seaborn, statsmodels, requests), review any generated code before executing it, and avoid pointing the skill at sensitive files or untrusted remote URLs. The SKILL.md examples include reading local files and calling APIs — that's normal for analysis but could access your data if the agent is allowed to run code or fetch external data, so control what files/URLs you give it.
Review Dimensions
- Purpose & Capability
- okName/description (data cleaning, stats, visualization) match the SKILL.md content. Required binary python3 is appropriate and expected for the provided Python templates. There are no unrelated binaries, credentials, or config paths requested.
- Instruction Scope
- noteInstructions are example Python snippets that read local files (CSV/Excel/SQLite), call APIs (requests.get example), and generate plotting/report code — all relevant to data analysis. Note: the templates show reading local files and contacting external APIs; this is expected for analysis tasks but means the agent may access user files or reach network endpoints when executing these templates, so review any data/URLs used.
- Install Mechanism
- okNo install spec or external downloads — instruction-only skill. This minimizes disk-write and supply-chain risk.
- Credentials
- okThe skill requests no environment variables or credentials. Example code references (APIs, local DB files) are examples and do not imply the skill will require unrelated secrets.
- Persistence & Privilege
- okalways is false and the skill is user-invocable; it does not request permanent presence or elevated privileges. Autonomous invocation is allowed by platform default but not excessive here.