
      Safety Report

      HR助手

      @stoned0516

      Smart HR Assistant for Chinese small and medium businesses. Handles employee roster management, organizational structure, monthly payroll calculation (indivi...

      263 Downloads
      1 Install
      2 Stars
      6 Versions
      Math & Science (1,012)

      Security Analysis

      Medium confidence
      Clean · 0.08 risk

      The skill's code, instructions, and requested permissions are broadly consistent with an Excel-based local HR/payroll assistant; no obvious exfiltration or unrelated credential requests were found, but there are minor metadata inconsistencies and a prompt-injection pattern in the packaged prompts that you should review before use.

      Apr 8, 2026 · 20 files · 2 concerns

      Purpose & Capability: ok

      Name/description (HR assistant for local Excel-based payroll/attendance) align with the shipped code: many Python modules (payroll_engine, attendance_manager, employee_manager, excel_adapter, hr_store) implement the advertised features. The declared manifest permissions (filesystem read/write) match the stated need to load and persist Excel/JSON files. One minor inconsistency: top-level registry summary lists no required binaries, while skill.yaml requires python3 and packages (openpyxl, xlrd) — this is likely an authoring mismatch but not a functional surprise.

      Instruction Scope: note

      SKILL.md explicitly instructs the agent to only process user-uploaded Excel files and to store all data locally (.hr-data). The code shown reads given file paths via ExcelAdapter/EmployeeManager and persists to .hr-data, which is coherent. Caveat: the skill accepts arbitrary file paths provided by the user; if a user (or attacker via UI) supplies a path to a sensitive file, the skill will attempt to open/read it according to its Excel handling logic. The SKILL.md states it will not process non-Excel files, but some code paths fall back to attempting to open unknown extensions with openpyxl/xlrd — so user input of paths should be treated carefully.

      Install Mechanism: note

      There is no install spec (instruction-only install), so nothing is downloaded at install time — lower installation risk. However skill.yaml declares Python dependencies (openpyxl, xlrd). That means running the skill requires installing these packages but the skill does not include an automated installer; this is normal but worth noting. No network endpoints (external URLs) were found in the provided file excerpts.

      Credentials: ok

      The skill requests no environment variables or external credentials. It requires filesystem read/write which is justified by local Excel import and .hr-data persistence. No extra secrets or unrelated service tokens are requested.

      Persistence & Privilege: ok

      The skill persists its own data under .hr-data in the user's workspace and does not claim to alter other skills or system-wide settings. always:false (default) and model invocation is allowed (normal). The persistence behavior (write audit logs, conversations, payroll JSON) is expected for an HR assistant but is privacy-sensitive — data remains local per the docs.

      Guidance

      This package looks like a legitimate local Excel-based HR/payroll tool whose code and instructions match the advertised purpose. Before installing or running it:

      1) Verify dependencies (python3, openpyxl, xlrd) are installed in an isolated environment (venv/container).
      2) Inspect the omitted/truncated files for any network calls or telemetry (none were visible in provided excerpts, but some files were truncated).
      3) Only supply Excel files you trust — the tool will open any user-provided path, so do not point it at system/private files.
      4) Review prompts/onboarding.md and SKILL.md if you are concerned about prompt content influencing the agent.
      5) If you will run this in production or with real employee data, run the test suite locally and store .hr-data in a controlled location with backups and access controls.

      If you want me to, I can scan the remaining truncated files for network or credential-usage patterns before you install.

      Latest Release

      v1.2.5

      - English description updated for better clarity and broader HR business scenarios.
      - No functionality changes; all features and usage remain the same.
      - Internal documentation improvements for more explicit onboarding use cases.


      Published by @stoned0516 on ClawHub
