Csv Analyzer

Pass

Audited by ClawScan on May 10, 2026.

Overview

This is a local CSV-analysis helper with no evidence of network access, credential use, persistence, or exfiltration; its main security note is an unnecessary but tightly constrained use of Python eval for numeric filters.

This skill appears safe for local CSV analysis. Use it on files you intend to analyze, choose output paths carefully because exports can overwrite files, and prefer a version that replaces the eval-based comparison with explicit operators.

Findings (1)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

A user can run the CSV filter feature without evidence that their data is being sent elsewhere, but the implementation uses a fragile pattern that should be reviewed before relying on it in sensitive workflows.

Why it was flagged

The script uses eval, which is generally risky, but the evaluated expression is limited to local numeric variables and an operator selected from an allowlist, making it purpose-aligned and much less risky than arbitrary eval.

Skill content

m = re.match(r"(\w+)\s*(>=|<=|!=|>|<|==|=)\s*(.+)", args.where) ... return eval(f"a {op} b")

Recommendation

Replace eval with explicit comparisons or Python's operator module, for example mapping '>' to operator.gt and '==' to operator.eq.