ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Data Analysis Seller

v1.0.0

Provide data cleaning, statistical analysis, interactive visual reports, and custom real-time dashboards using Python, Excel, and SQL.

0· 101·1 current·1 all-time
by@yongtaop1-sys
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Suspicious
medium confidence
Purpose & Capability
The name/description promise full data-cleaning, statistical analysis, and real-time dashboards using Python/SQL/Excel, but the skill includes no code, no runtime instructions, and no declared requirements for tools or credentials. This makes the implementation unclear: it appears to be a service offer rather than a runnable skill.
!
Instruction Scope
SKILL.md is essentially a service advertisement with no concrete agent instructions for handling uploaded data, running analyses, or producing dashboards. It explicitly lists external contact channels (email and Telegram), which encourages moving data off-platform and could lead to manual exfiltration of sensitive data.
Install Mechanism
No install spec and no code files (instruction-only). This is the lowest-risk install profile — nothing will be written to disk by an installer.
Credentials
The skill declares no required environment variables, credentials, or config paths. That is proportionate for a non-executable, advertising-style skill, but also means the skill cannot autonomously access data or services without users manually sharing it.
Persistence & Privilege
always:false and no special privileges requested. The skill does not request persistent presence or modify agent configuration.
What to consider before installing
This skill reads like a human-run service ad rather than an automated data-analysis tool. Before installing or interacting with it, ask the publisher to clarify how analyses are performed (does the agent run code locally/in-platform or do humans do the work externally?), request a privacy/data-handling policy, and avoid sending any sensitive or regulated data to the provided email or Telegram addresses. If you expect an automated skill, ask for concrete SKILL.md runtime instructions or code that show how data is handled within the agent (and what environment variables or permissions it needs). If the publisher insists on off-platform contact, treat that as a red flag for potential data exfiltration and do not share credentials, PII, or proprietary data.

Like a lobster shell, security has layers — review code before you run it.

latestvk977n0mazgkw9wvhmxjsz05ftx83fwcw

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments