Skill v1.0.0
ClawScan security
investment-tracker-app · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Suspicious · Mar 12, 2026, 3:12 AM
- Verdict
- suspicious
- Confidence
- medium
- Model
- gpt-5-mini
- Summary
- The skill mostly matches its stated purpose (local investment-tracker interacting with a localhost backend), but there are a few inconsistencies and small risks you should understand before installing or running it.
- Guidance
- This skill appears to be a locally-focused assistant for interacting with a backend running at http://localhost:8000 and largely behaves as described. Before installing/using it:
  - Ensure you actually run the backend locally (uvicorn main:app on port 8000) before invoking the skill; otherwise curl will fail and the agent may prompt about starting the backend.
  - The skill will ask you to provide absolute image file paths for screenshot upload; be cautious about uploading sensitive files and only supply screenshots you intend to import.
  - Confirm the backend's .env (backend/.env) is configured correctly. DASHSCOPE_API_KEY is required for the AI/vision flows; README also references AI_BASE_URL and AI_MODEL, which are backend config items (the skill metadata doesn't list these). Keep API keys secret and consider using a key with limited scope.
  - The README documents a dangerous endpoint (DELETE /api/reset?confirm=true) which will wipe all local data; the skill does not call it, but be careful not to run that endpoint accidentally.
  - The SKILL.md references base64 usage but the skill only lists curl as a required binary; make sure the environment has base64 (and other typical CLI utilities) if you plan to follow reference commands.

  If you want higher assurance: inspect and run the backend source locally yourself (the README points to a GitHub repo) before letting an AI agent perform file uploads or writes, and restrict which files you allow the agent to read/upload.
Review Dimensions
- Purpose & Capability
- Note: Name/description (investment portfolio manager) align with the instructions: all HTTP calls target a local backend (http://localhost:8000) and relate to holdings/cash/diary/curve/imports. Requiring curl is sensible. The declared primary credential DASHSCOPE_API_KEY also matches the README (used by the backend for AI/vision).
- Instruction Scope
- Note: SKILL.md instructs the agent to POST local image files and to write a temporary file (/tmp/holdings_update.json). This is expected for screenshot-import functionality, but the instructions assume the agent (or user) will provide absolute image paths. The references also show use of base64 (B64=$(base64 -i <图片路径>)), but base64 is not listed in the skill's required binaries, which is a mismatch. README documents a destructive endpoint (DELETE /api/reset?confirm=true) in the backend; the skill does not call it, but it exists on the server and could be misused if someone invokes it manually or if the agent were instructed outside the documented flows.
- Install Mechanism
- OK: Instruction-only skill (no install spec, no code files executed by the installer). This reduces installation risk: nothing is downloaded or written by an install step.
- Credentials
- Note: PrimaryEnv DASHSCOPE_API_KEY is appropriate for the vision/AI features. However, README and .env.example mention additional backend vars (AI_BASE_URL, AI_MODEL) and the README implies the backend must be configured; those are not declared in the registry metadata. It's reasonable (backend-side config), but the skill's metadata under-declares environment expectations.
- Persistence & Privilege
- OK: always: false and no special persistence or cross-skill config modifications. The skill runs local curl commands and uses temporary files; it does not request elevated or platform-wide privileges in metadata.
