ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Excel Master

v1.0.1

Comprehensive Excel tool for opening, filtering, summarizing, charting, PDF exporting, and AI-based table analysis across multiple sheets.

0· 46·0 current·0 all-time
by@zywss
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Pending
View report →
OpenClawOpenClaw
Suspicious
high confidence
!
Purpose & Capability
The name and description promise charting, PDF export, and AI-based analysis. The included index.js only implements opening, reading, basic filtering, simple statistics, and a trivial row/column 'analysis'—no chart generation, no PDF export, no AI integration. package.json also does not declare the required 'xlsx' dependency used by the code. The required capabilities are therefore overpromised and inconsistent with the actual code.
!
Instruction Scope
SKILL.md instructs the agent to perform charts, PDF export, and AI analysis. The runtime code does not implement those actions. The code does read arbitrary file paths provided by the user (XLSX.readFile), which is expected for an Excel tool but means it will access local files if given paths—this is within scope but should be explicit to users. Overall the instructions grant capabilities the code doesn't have.
Install Mechanism
No install spec is provided (lower risk). However, index.js requires the 'xlsx' package but package.json lists no dependencies; that discrepancy will likely cause runtime failures or hidden implicit install behavior. There are no downloads or external install URLs present.
Credentials
The skill requests no environment variables, no credentials, and no special config paths. That is proportionate for a local Excel-processing skill.
Persistence & Privilege
The skill is not marked always:true and uses normal invocation. It does not modify other skills or system config. Autonomous invocation is allowed (platform default) but not combined with other concerning privileges.
What to consider before installing
This skill overpromises features it doesn't implement and omits the 'xlsx' dependency. Before installing: (1) don't assume it can create charts, export PDFs, or run AI analysis—ask the author or request source that implements those features; (2) expect it to read any local file path you give it, so don't open sensitive files with it unless you trust the code; (3) the missing dependency will likely cause runtime errors—ask for an updated package.json or a trustworthy package source (e.g., GitHub) and review the full source; (4) consider running it in a sandboxed environment first. If you need charting or PDF export, request proof of those implementations rather than trusting the README/SKILL.md alone.

Like a lobster shell, security has layers — review code before you run it.

chartvk9715da23xpx6r30knk7rtt9pn8452gfdatavk9715da23xpx6r30knk7rtt9pn8452gfexcelvk9715da23xpx6r30knk7rtt9pn8452gflatestvk971m27ehskr4ct5g0meggpt25844dkrofficevk9715da23xpx6r30knk7rtt9pn8452gfpdfvk9715da23xpx6r30knk7rtt9pn8452gfstatisticsvk9715da23xpx6r30knk7rtt9pn8452gftablevk9715da23xpx6r30knk7rtt9pn8452gf

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments