📦 Viz Table — 图表可视化
v1.0.0读取 CSV/JSON 文件,用 ECharts 自动生成柱状图、折线图、饼图、环形图等 HTML 可视化,并在浏览器即时展示。
0· 141·0 当前·0 累计
by @charles-lpf下载技能包
最后更新
2026/3/26
安全扫描
OpenClaw
可疑
medium confidenceNULL
评估建议
This skill appears to do what it says, but it includes risky runtime behaviors you should consider before installing or using it:
- Client-side use of eval(): The SKILL.md instructs the page to compute user-entered formulas via eval(), which can execute arbitrary JavaScript. Replace eval() with a safe expression evaluator (e.g., mathjs) or strictly validate/parse formulas before execution.
- Unsanitized data injection / XSS risk: The generated HTML will render the input CSV/JSON into the page....详细分析 ▾
✓ 用途与能力
The name/description (visualize CSV/JSON with ECharts) matches the instructions: read a file, parse CSV/JSON, build ECharts options, write an HTML, and open it. No unrelated credentials, binaries, or installs are requested.
⚠ 指令范围
Instructions tell the agent to inline raw file data into an HTML page and to implement a client-side formula editor that performs string replacement and uses eval(). The SKILL.md does not require or describe output sanitization or escaping, which enables DOM/script injection when input files contain malicious content. It also hard-codes a platform-specific shell command (`open /tmp/...`) without fallback.
ℹ 安装机制
Instruction-only skill with no install — low risk for on-disk installs. However, the generated HTML loads ECharts from an external CDN (jsdelivr.net), which is a supply-chain/network dependency the skill will pull at runtime in the user's browser.
✓ 凭证需求
No environment variables, credentials, or config paths are requested — this is proportional to the described task.
✓ 持久化与权限
Skill is not always-enabled and does not request elevated platform privileges or modify other skills. It writes a single file to /tmp (temporary location) and opens it, which is normal for this use case.
安全有层次,运行前请审查代码。
运行时依赖
无特殊依赖
版本
latestv1.0.02026/3/26
NULL
● 可疑
安装命令
点击复制官方npx clawhub@latest install viz-table
镜像加速npx clawhub@latest install viz-table --registry https://cn.longxiaskill.com镜像同步中