Is datadrivenconstruction/data-evolution-analysis safe?
https://github.com/openclaw/skills/tree/main/skills/datadrivenconstruction/data-evolution-analysis
This skill provides legitimate construction industry data analysis capabilities for assessing digital maturity in organizations. While sensitive files were accessed during installation and the skill contains executable Python code, no actual security threats were detected and canary files remained intact.
Category Scores
Findings (3)
LOW Sensitive File Access During Installation -15 ▶
System processes accessed sensitive files (.env, SSH keys, AWS credentials, etc.) during skill installation. However, canary file integrity checks confirm no actual data exfiltration occurred.
INFO Executable Python Code Present -10 ▶
The skill contains extensive Python code for construction data analysis. While the code appears legitimate and focused on digital maturity assessment, it represents executable content that could theoretically be modified.
INFO Large Code Content -5 ▶
The skill contains a very large amount of code content which could potentially be used to hide malicious instructions, though none were detected upon analysis.