li-etl-handle-safe Security Report — Trusted | ClawSafe

0 /100

li-etl-handle-safe

安全版 Excel/CSV ETL 处理技能 - 无任意代码执行，使用安全依赖

This is a legitimate Excel/CSV ETL processing skill with no security issues. All capabilities match the documented behavior, no code execution or credential harvesting present.

Skill Nameli-etl-handle-safe

Duration31.2s

Enginepi

✓

Safe to install

This skill is safe to use. No additional security controls required.

Resource	Declared	Inferred	Status	Evidence
Filesystem	`READ,WRITE`	`READ,WRITE`	✓ Aligned	index.js:20-35 readExcel, index.js:80-115 writeExcel
Network	`NONE`	`NONE`	—	No network requests found
Shell	`NONE`	`NONE`	—	No subprocess/exec found
Environment	`NONE`	`NONE`	—	No process.env access found
Skill Invoke	`NONE`	`NONE`	—	disable-model-invocation: true in skill.yaml
Clipboard	`NONE`	`NONE`	—	No clipboard access found
Browser	`NONE`	`NONE`	—	No browser usage found
Database	`NONE`	`NONE`	—	No database access found

89 findings

🔗

Medium External URL 外部 URL

http://mirrors.tencentyun.com/npm/@fast-csv/format/-/format-4.3.5.tgz

package-lock.json:22

🔗

Medium External URL 外部 URL

http://mirrors.tencentyun.com/npm/@fast-csv/parse/-/parse-4.3.6.tgz

package-lock.json:36

🔗

Medium External URL 外部 URL

http://mirrors.tencentyun.com/npm/@types/node/-/node-14.18.63.tgz

package-lock.json:51

🔗

Medium External URL 外部 URL

http://mirrors.tencentyun.com/npm/archiver/-/archiver-5.3.2.tgz

package-lock.json:57

🔗

Medium External URL 外部 URL

http://mirrors.tencentyun.com/npm/archiver-utils/-/archiver-utils-2.1.0.tgz

package-lock.json:75

🔗

Medium External URL 外部 URL

http://mirrors.tencentyun.com/npm/readable-stream/-/readable-stream-2.3.8.tgz

package-lock.json:96

🔗

Medium External URL 外部 URL

http://mirrors.tencentyun.com/npm/safe-buffer/-/safe-buffer-5.1.2.tgz

package-lock.json:111

🔗

Medium External URL 外部 URL

http://mirrors.tencentyun.com/npm/string_decoder/-/string_decoder-1.1.1.tgz

package-lock.json:117

🔗

Medium External URL 外部 URL

http://mirrors.tencentyun.com/npm/async/-/async-3.2.6.tgz

package-lock.json:126

🔗

Medium External URL 外部 URL

http://mirrors.tencentyun.com/npm/balanced-match/-/balanced-match-1.0.2.tgz

package-lock.json:132

🔗

Medium External URL 外部 URL

http://mirrors.tencentyun.com/npm/base64-js/-/base64-js-1.5.1.tgz

package-lock.json:138

🔗

Medium External URL 外部 URL

https://www.patreon.com/feross

package-lock.json:147

🔗

Medium External URL 外部 URL

https://feross.org/support

package-lock.json:151

🔗

Medium External URL 外部 URL

http://mirrors.tencentyun.com/npm/big-integer/-/big-integer-1.6.52.tgz

package-lock.json:158

🔗

Medium External URL 外部 URL

http://mirrors.tencentyun.com/npm/binary/-/binary-0.3.0.tgz

package-lock.json:167

🔗

Medium External URL 外部 URL

http://mirrors.tencentyun.com/npm/bl/-/bl-4.1.0.tgz

package-lock.json:180

🔗

Medium External URL 外部 URL

http://mirrors.tencentyun.com/npm/bluebird/-/bluebird-3.4.7.tgz

package-lock.json:191

🔗

Medium External URL 外部 URL

http://mirrors.tencentyun.com/npm/brace-expansion/-/brace-expansion-1.1.12.tgz

package-lock.json:197

🔗

Medium External URL 外部 URL

http://mirrors.tencentyun.com/npm/buffer/-/buffer-5.7.1.tgz

package-lock.json:207

🔗

Medium External URL 外部 URL

http://mirrors.tencentyun.com/npm/buffer-crc32/-/buffer-crc32-0.2.13.tgz

package-lock.json:231

🔗

Medium External URL 外部 URL

http://mirrors.tencentyun.com/npm/buffer-indexof-polyfill/-/buffer-indexof-polyfill-1.0.2.tgz

package-lock.json:240

🔗

Medium External URL 外部 URL

http://mirrors.tencentyun.com/npm/buffers/-/buffers-0.1.1.tgz

package-lock.json:249

🔗

Medium External URL 外部 URL

http://mirrors.tencentyun.com/npm/chainsaw/-/chainsaw-0.1.0.tgz

package-lock.json:257

🔗

Medium External URL 外部 URL

http://mirrors.tencentyun.com/npm/compress-commons/-/compress-commons-4.1.2.tgz

package-lock.json:269

🔗

Medium External URL 外部 URL

http://mirrors.tencentyun.com/npm/concat-map/-/concat-map-0.0.1.tgz

package-lock.json:284

🔗

Medium External URL 外部 URL

http://mirrors.tencentyun.com/npm/core-util-is/-/core-util-is-1.0.3.tgz

package-lock.json:290

🔗

Medium External URL 外部 URL

http://mirrors.tencentyun.com/npm/crc-32/-/crc-32-1.2.2.tgz

package-lock.json:296

🔗

Medium External URL 外部 URL

http://mirrors.tencentyun.com/npm/crc32-stream/-/crc32-stream-4.0.3.tgz

package-lock.json:308

🔗

Medium External URL 外部 URL

http://mirrors.tencentyun.com/npm/csv-parser/-/csv-parser-3.2.0.tgz

package-lock.json:321

🔗

Medium External URL 外部 URL

http://mirrors.tencentyun.com/npm/csv-stringify/-/csv-stringify-6.7.0.tgz

package-lock.json:333

🔗

Medium External URL 外部 URL

http://mirrors.tencentyun.com/npm/dayjs/-/dayjs-1.11.20.tgz

package-lock.json:339

🔗

Medium External URL 外部 URL

http://mirrors.tencentyun.com/npm/duplexer2/-/duplexer2-0.1.4.tgz

package-lock.json:345

🔗

Medium External URL 外部 URL

http://mirrors.tencentyun.com/npm/end-of-stream/-/end-of-stream-1.4.5.tgz

package-lock.json:384

🔗

Medium External URL 外部 URL

http://mirrors.tencentyun.com/npm/exceljs/-/exceljs-4.4.0.tgz

package-lock.json:393

🔗

Medium External URL 外部 URL

http://mirrors.tencentyun.com/npm/fast-csv/-/fast-csv-4.3.6.tgz

package-lock.json:413

🔗

Medium External URL 外部 URL

http://mirrors.tencentyun.com/npm/fs-constants/-/fs-constants-1.0.0.tgz

package-lock.json:426

🔗

Medium External URL 外部 URL

http://mirrors.tencentyun.com/npm/fs.realpath/-/fs.realpath-1.0.0.tgz

package-lock.json:432

🔗

Medium External URL 外部 URL

http://mirrors.tencentyun.com/npm/fstream/-/fstream-1.0.12.tgz

package-lock.json:438

🔗

Medium External URL 外部 URL

http://mirrors.tencentyun.com/npm/glob/-/glob-7.2.3.tgz

package-lock.json:454

🔗

Medium External URL 外部 URL

http://mirrors.tencentyun.com/npm/graceful-fs/-/graceful-fs-4.2.11.tgz

package-lock.json:475

🔗

Medium External URL 外部 URL

http://mirrors.tencentyun.com/npm/ieee754/-/ieee754-1.2.1.tgz

package-lock.json:481

🔗

Medium External URL 外部 URL

http://mirrors.tencentyun.com/npm/immediate/-/immediate-3.0.6.tgz

package-lock.json:501

🔗

Medium External URL 外部 URL

http://mirrors.tencentyun.com/npm/inflight/-/inflight-1.0.6.tgz

package-lock.json:507

🔗

Medium External URL 外部 URL

http://mirrors.tencentyun.com/npm/inherits/-/inherits-2.0.4.tgz

package-lock.json:518

🔗

Medium External URL 外部 URL

http://mirrors.tencentyun.com/npm/isarray/-/isarray-1.0.0.tgz

package-lock.json:524

🔗

Medium External URL 外部 URL

http://mirrors.tencentyun.com/npm/jszip/-/jszip-3.10.1.tgz

package-lock.json:530

🔗

Medium External URL 外部 URL

http://mirrors.tencentyun.com/npm/lazystream/-/lazystream-1.0.1.tgz

package-lock.json:572

🔗

Medium External URL 外部 URL

http://mirrors.tencentyun.com/npm/lie/-/lie-3.3.0.tgz

package-lock.json:614

🔗

Medium External URL 外部 URL

http://mirrors.tencentyun.com/npm/listenercount/-/listenercount-1.0.1.tgz

package-lock.json:623

🔗

Medium External URL 外部 URL

http://mirrors.tencentyun.com/npm/lodash.defaults/-/lodash.defaults-4.2.0.tgz

package-lock.json:629

🔗

Medium External URL 外部 URL

http://mirrors.tencentyun.com/npm/lodash.difference/-/lodash.difference-4.5.0.tgz

package-lock.json:635

🔗

Medium External URL 外部 URL

http://mirrors.tencentyun.com/npm/lodash.escaperegexp/-/lodash.escaperegexp-4.1.2.tgz

package-lock.json:641

🔗

Medium External URL 外部 URL

http://mirrors.tencentyun.com/npm/lodash.flatten/-/lodash.flatten-4.4.0.tgz

package-lock.json:647

🔗

Medium External URL 外部 URL

http://mirrors.tencentyun.com/npm/lodash.groupby/-/lodash.groupby-4.6.0.tgz

package-lock.json:653

🔗

Medium External URL 外部 URL

http://mirrors.tencentyun.com/npm/lodash.isboolean/-/lodash.isboolean-3.0.3.tgz

package-lock.json:659

🔗

Medium External URL 外部 URL

http://mirrors.tencentyun.com/npm/lodash.isequal/-/lodash.isequal-4.5.0.tgz

package-lock.json:665

🔗

Medium External URL 外部 URL

http://mirrors.tencentyun.com/npm/lodash.isfunction/-/lodash.isfunction-3.0.9.tgz

package-lock.json:672

🔗

Medium External URL 外部 URL

http://mirrors.tencentyun.com/npm/lodash.isnil/-/lodash.isnil-4.0.0.tgz

package-lock.json:678

🔗

Medium External URL 外部 URL

http://mirrors.tencentyun.com/npm/lodash.isplainobject/-/lodash.isplainobject-4.0.6.tgz

package-lock.json:684

🔗

Medium External URL 外部 URL

http://mirrors.tencentyun.com/npm/lodash.isundefined/-/lodash.isundefined-3.0.1.tgz

package-lock.json:690

🔗

Medium External URL 外部 URL

http://mirrors.tencentyun.com/npm/lodash.union/-/lodash.union-4.6.0.tgz

package-lock.json:696

🔗

Medium External URL 外部 URL

http://mirrors.tencentyun.com/npm/lodash.uniq/-/lodash.uniq-4.5.0.tgz

package-lock.json:702

🔗

Medium External URL 外部 URL

http://mirrors.tencentyun.com/npm/minimatch/-/minimatch-3.1.5.tgz

package-lock.json:708

🔗

Medium External URL 外部 URL

http://mirrors.tencentyun.com/npm/minimist/-/minimist-1.2.8.tgz

package-lock.json:720

🔗

Medium External URL 外部 URL

http://mirrors.tencentyun.com/npm/mkdirp/-/mkdirp-0.5.6.tgz

package-lock.json:729

🔗

Medium External URL 外部 URL

http://mirrors.tencentyun.com/npm/normalize-path/-/normalize-path-3.0.0.tgz

package-lock.json:741

🔗

Medium External URL 外部 URL

http://mirrors.tencentyun.com/npm/once/-/once-1.4.0.tgz

package-lock.json:750

🔗

Medium External URL 外部 URL

http://mirrors.tencentyun.com/npm/pako/-/pako-1.0.11.tgz

package-lock.json:759

🔗

Medium External URL 外部 URL

http://mirrors.tencentyun.com/npm/path-is-absolute/-/path-is-absolute-1.0.1.tgz

package-lock.json:765

🔗

Medium External URL 外部 URL

http://mirrors.tencentyun.com/npm/process-nextick-args/-/process-nextick-args-2.0.1.tgz

package-lock.json:774

🔗

Medium External URL 外部 URL

http://mirrors.tencentyun.com/npm/readable-stream/-/readable-stream-3.6.2.tgz

package-lock.json:780

🔗

Medium External URL 外部 URL

http://mirrors.tencentyun.com/npm/readdir-glob/-/readdir-glob-1.1.3.tgz

package-lock.json:794

🔗

Medium External URL 外部 URL

http://mirrors.tencentyun.com/npm/brace-expansion/-/brace-expansion-2.0.2.tgz

package-lock.json:803

🔗

Medium External URL 外部 URL

http://mirrors.tencentyun.com/npm/minimatch/-/minimatch-5.1.9.tgz

package-lock.json:812

🔗

Medium External URL 外部 URL

http://mirrors.tencentyun.com/npm/rimraf/-/rimraf-2.7.1.tgz

package-lock.json:824

🔗

Medium External URL 外部 URL

http://mirrors.tencentyun.com/npm/safe-buffer/-/safe-buffer-5.2.1.tgz

package-lock.json:837

🔗

Medium External URL 外部 URL

http://mirrors.tencentyun.com/npm/saxes/-/saxes-5.0.1.tgz

package-lock.json:857

🔗

Medium External URL 外部 URL

http://mirrors.tencentyun.com/npm/setimmediate/-/setimmediate-1.0.5.tgz

package-lock.json:869

🔗

Medium External URL 外部 URL

http://mirrors.tencentyun.com/npm/string_decoder/-/string_decoder-1.3.0.tgz

package-lock.json:875

🔗

Medium External URL 外部 URL

http://mirrors.tencentyun.com/npm/tar-stream/-/tar-stream-2.2.0.tgz

package-lock.json:884

🔗

Medium External URL 外部 URL

http://mirrors.tencentyun.com/npm/tmp/-/tmp-0.2.5.tgz

package-lock.json:900

🔗

Medium External URL 外部 URL

http://mirrors.tencentyun.com/npm/traverse/-/traverse-0.3.9.tgz

package-lock.json:909

🔗

Medium External URL 外部 URL

http://mirrors.tencentyun.com/npm/unzipper/-/unzipper-0.10.14.tgz

package-lock.json:918

🔗

Medium External URL 外部 URL

http://mirrors.tencentyun.com/npm/util-deprecate/-/util-deprecate-1.0.2.tgz

package-lock.json:966

🔗

Medium External URL 外部 URL

http://mirrors.tencentyun.com/npm/uuid/-/uuid-8.3.2.tgz

package-lock.json:972

🔗

Medium External URL 外部 URL

http://mirrors.tencentyun.com/npm/wrappy/-/wrappy-1.0.2.tgz

package-lock.json:981

🔗

Medium External URL 外部 URL

http://mirrors.tencentyun.com/npm/xmlchars/-/xmlchars-2.2.0.tgz

package-lock.json:987

🔗

Medium External URL 外部 URL

http://mirrors.tencentyun.com/npm/zip-stream/-/zip-stream-4.1.1.tgz

package-lock.json:993

🔗

Medium External URL 外部 URL

http://mirrors.tencentyun.com/npm/archiver-utils/-/archiver-utils-3.0.4.tgz

package-lock.json:1007

File Tree

8 files · 56.1 KB · 1623 lines

JSON 2f · 1054L JavaScript 2f · 442L Markdown 1f · 70L YAML 1f · 45L CSV 2f · 12L

├─ 📜 index.js JavaScript 375L · 9.7 KB

├─ 📋 package-lock.json JSON 1027L · 39.9 KB

├─ 📋 package.json JSON 27L · 555 B

├─ 📝 SKILL.md Markdown 70L · 2.1 KB

├─ 📋 skill.yaml YAML 45L · 811 B

├─ 📄 test-data.csv CSV 6L · 150 B

├─ 📄 test-output.csv CSV 6L · 150 B

└─ 📜 test.js JavaScript 67L · 2.8 KB

Dependencies 3 items

Package	Version	Source	Known Vulns	Notes
`exceljs`	`^4.4.0`	npm	No	Safe alternative to vulnerable xlsx library
`csv-parser`	`^3.0.0`	npm	No	Standard CSV parsing library
`csv-stringify`	`^6.5.0`	npm	No	Standard CSV generation library

Security Positives

✓ Uses exceljs instead of vulnerable xlsx library (as documented)

✓ No code execution capabilities (executeScript removed as claimed)

✓ All dependencies pinned with versions in package.json

✓ No network requests or external communication

✓ No credential harvesting or environment variable access

✓ disable-model-invocation: true prevents autonomous behavior

✓ Pure data processing with no obfuscation or suspicious patterns

✓ Documentation accurately reflects implementation

Scan Report

File Tree

Dependencies 3 items

Security Positives