📦 Ai Intelligent Data Catalog — 智能数据目录
v1.0.0一站式数据资产与元数据管理平台,自动发现、分类、标注数据资源,支持多源接入与权限管控,让数据查找、共享与治理更高效。
0· 123·1 当前·1 累计
by 下载技能包
最后更新
2026/3/29
安全扫描
OpenClaw
可疑
medium confidenceNULL
评估建议
This skill appears to be a legitimate data-catalog project but asks you to git clone and run an external GitHub repository that is not bundled with the skill. Before installing or running it: (1) Inspect the GitHub repository (source code, requirements.txt, README, recent commits, and issues) to confirm intent and safety. (2) Prefer cloning a pinned release or commit rather than HEAD. (3) Run the code in a sandboxed environment or VM (not on a production machine). (4) Be cautious about providing...详细分析 ▾
ℹ 用途与能力
Name/description (data catalog / metadata management) align with the SKILL.md features (asset registration, metadata collection, search). However the package has no homepage/source declared in metadata and the SKILL.md directs the user to clone a GitHub repo (external code) that is not included in the skill bundle; that mismatch is worth noting.
⚠ 指令范围
Runtime instructions explicitly tell the agent/user to git clone a repository and run pip install and python app.py. That means the agent would fetch and execute arbitrary third-party code at runtime — an action beyond simply calling APIs or running small helper commands and not validated as part of the skill. The instructions do not describe required credentials, config files, or network exposure that the cloned app may need.
⚠ 安装机制
There is no formal install spec, but SKILL.md instructs a git clone from GitHub and installing requirements.txt then running app.py. Fetching and executing external code is inherently higher risk even when hosted on GitHub; the skill does not include the repo contents for review and does not pin a commit or release.
ℹ 凭证需求
Skill declares no required environment variables or credentials, which is consistent with the provided metadata. However the external application the instructions install/run almost certainly will need configuration (DB credentials, API keys) that are not declared here — a potential omission that could lead to requesting sensitive credentials later.
ℹ 持久化与权限
The skill is not forced-always and is user-invocable only. Nevertheless the instructions start a Python web application (python app.py), which could create a long-running service on the host and open network ports. That persistent runtime behavior is not surfaced in the skill metadata and increases the attack surface.
安全有层次,运行前请审查代码。
运行时依赖
无特殊依赖
版本
latestv1.0.02026/3/29
NULL
● 无害
安装命令
点击复制官方npx clawhub@latest install ai-data-catalog
镜像加速npx clawhub@latest install ai-data-catalog --registry https://cn.longxiaskill.com