← Back to Skills Marketplace
sschepis

Flexible Data Importer

by sschepis · GitHub ↗ · v1.0.0
cross-platform ⚠ suspicious
1531
Downloads
0
Stars
1
Active Installs
1
Versions
Install in OpenClaw
/install flexible-data-importer
Description
AI-powered ingestion of CSV, JSON, and XLSX files with auto schema generation and seamless Supabase database integration.
README (SKILL.md)

OpenClaw Data Importer Skill

\x3C!-- SKILL-META id: flexible-data-importer version: 1.0.0 author: OpenClaw description: AI-driven data ingestion for CSV, JSON, XLSX with auto-schema generation and Supabase integration. capabilities:

  • data-ingestion
  • schema-generation
  • supabase
  • etl requires: llm: true filesystem: true network: true invocation: cli: data-importer \x3Cfile-path> api: UniversalImporter.execute(filePath) parameters:
  • name: filePath type: string required: true description: Path to the source file (CSV, JSON, XLSX). -->

An AI-driven skill that ingests disparate data formats (CSV, JSON, XLSX) and builds a structured Supabase database. It automatically infers relationships, types, and schema names.

Inputs

  • filePath: String - Path to the source file.
  • supabaseUrl: String - Your project URL.
  • supabaseKey: String - Service role key for schema creation.

Capabilities

  • Auto-Schema: No need to define tables beforehand.
  • Type Safety: Automatically converts strings to dates/numbers where appropriate.
  • Batched Uploads: Handles large historical datasets without crashing.
Usage Guidance
This skill appears to do what it claims (import files into Supabase using an LLM), but there are several inconsistencies and a real security implication: it expects a Supabase service_role key (full DB privileges) and possibly an OpenAI API key, yet the registry metadata does not declare those secrets. Before installing or using it: 1) Do not provide your production SUPABASE service_role key — create a least-privilege key or dedicated project for testing. 2) Ask the publisher for the full source (dist/cli.js, adapter implementations) to audit what data is read and where it is sent. 3) Prefer running the importer in a sandboxed environment with only the specific file(s) you intend to import. 4) Confirm how the skill handles sensitive fields (PII) and whether it transmits data to third parties beyond your Supabase project or the LLM provider. 5) If you cannot audit the code or limit credentials, treat this skill as untrusted and avoid giving high-privilege keys.
Capability Analysis
Type: OpenClaw Skill Name: flexible-data-importer Version: 1.0.0 The skill is classified as suspicious due to its inherent high-risk capabilities, specifically requiring `network: true` and `filesystem: true` permissions, and explicitly handling sensitive credentials like `SUPABASE_KEY` and `OPENAI_API_KEY` as outlined in `SKILL.md` and `README.md`. While these capabilities are necessary for its stated purpose of AI-driven data ingestion into Supabase, the handling of API keys and network access always presents a potential attack surface. There is no clear evidence of intentional malicious behavior, prompt injection attempts, or unauthorized data exfiltration beyond the stated purpose.
Capability Assessment
Purpose & Capability
SKILL.md and README describe a data-importer that uses an LLM and writes schemas to Supabase (auto-schema, upserts). That capability legitimately requires network, filesystem access, and a Supabase key. However, the registry header lists no required env vars or primary credential while the README/SKILL.md explicitly reference SUPABASE_URL, SUPABASE_KEY (service_role) and OPENAI_API_KEY. Also package.json indicates this is an npm package with a CLI (data-importer) but the bundle contains no source or dist files — inconsistent with the declared purpose.
Instruction Scope
Runtime instructions ask the agent to read an arbitrary file path (filePath) from the filesystem and upload and create schemas in a Supabase project. This scope is coherent with the importer purpose, but SKILL.md/README access environment variables and service keys that are not declared in the registry metadata. Reading arbitrary local paths plus networked upload is a sensitive combination: ensure the agent will only be given explicit file paths the user intends to import.
Install Mechanism
No install spec (instruction-only), which is lower risk. However, package.json and a large package-lock.json are present while no source or dist files are included in the bundle — this mismatch could indicate an incomplete package or omitted files. There's no download-from-URL or extract step in the manifest.
Credentials
The skill expects SUPABASE_URL and SUPABASE_KEY (explicitly a service role key in SKILL.md) and mentions OPENAI_API_KEY in README. A Supabase service_role key grants full database privileges (including schema changes and reading all data) and is high privilege; the registry metadata declares no required env vars or primary credential. Requesting such high-privilege credentials without declaring them is disproportionate and should be clarified. Prefer least-privilege credentials or require explicit user confirmation.
Persistence & Privilege
always is false and there is no indication the skill requests permanent agent presence or modifies other skills' config. Autonomous invocation is allowed (platform default) but does not increase concern by itself.
How to Use
  1. Make sure OpenClaw is installed (local or Docker)
  2. Run the install command in chat: /install flexible-data-importer
  3. After installation, invoke the skill by name or use /flexible-data-importer
  4. Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.0
Initial publish
Metadata
Slug flexible-data-importer
Version 1.0.0
License
All-time Installs 1
Active Installs 1
Total Versions 1
Frequently Asked Questions

What is Flexible Data Importer?

AI-powered ingestion of CSV, JSON, and XLSX files with auto schema generation and seamless Supabase database integration. It is an AI Agent Skill for Claude Code / OpenClaw, with 1531 downloads so far.

How do I install Flexible Data Importer?

Run "/install flexible-data-importer" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is Flexible Data Importer free?

Yes, Flexible Data Importer is completely free (open-source). You can download, install and use it at no cost.

Which platforms does Flexible Data Importer support?

Flexible Data Importer is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).

Who created Flexible Data Importer?

It is built and maintained by sschepis (@sschepis); the current version is v1.0.0.

More Skills
self-improving agent
Captures learnings, errors, and corrections to enable continuous improvement. Use when: (1) A command or operation fails unexpectedly, (2) User corrects Clau...
⬇ 463283 · by pskoett
Skill Vetter
Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope, and suspicious patterns.
⬇ 259410 · by spclaudehome
Polymarket
Query Polymarket prediction markets. Check odds, find trending markets, search events, track price movements.
⬇ 232503 · by joelchance
Self-Improving + Proactive Agent
Self-reflection + Self-criticism + Self-learning + Self-organizing memory. Agent evaluates its own work, catches mistakes, and improves permanently. Use when...
⬇ 200423 · by ivangdavila
Github
Interact with GitHub using the `gh` CLI. Use `gh issue`, `gh pr`, `gh run`, and `gh api` for issues, PRs, CI runs, and advanced queries.
⬇ 191115 · by steipete
ontology
Typed knowledge graph for structured agent memory and composable skills. Use when creating/querying entities (Person, Project, Task, Event, Document), linkin...
⬇ 190156 · by oswalpalash

💬 Comments