spearman-correlation

AdvisoryAudited by Static analysis on Apr 30, 2026.

Overview

No suspicious patterns detected.

Findings (0)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

NoteHigh Confidence

ASI02: Tool Misuse and Exploitation

What this means

The agent may read files in the paths you provide and run local Python/statistical commands to produce the analysis output.

Why it was flagged

These tools permit local file access and shell-command execution. In context, they are used for user-supplied data analysis, so this is purpose-aligned but still worth noticing.

Skill content

allowed-tools: Read, Bash, Glob, Grep

Recommendation

Only provide the intended data files or folders, and review any proposed shell/Python command if the agent asks to install packages or operate outside the analysis directory.

NoteHigh Confidence

ASI04: Agentic Supply Chain Vulnerabilities

What this means

Results and setup may depend on the local Python environment and package versions available on the machine.

Why it was flagged

The skill depends on common local Python packages, but the artifacts do not include an install spec or version pins. There is no automatic install instruction, so this is a provenance/operational note rather than a concern.

Skill content

## 依赖
- Python 3
- pandas
- scipy
- statsmodels
- openpyxl

Recommendation

Use a trusted, controlled Python environment for the analysis, especially if installing any missing packages.