Skillv1.0.0

ClawScan security

SEC_Market MCP (AI Agent + Company US) · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

SuspiciousApr 24, 2026, 4:00 AM

Verdict: suspicious
Confidence: medium
Model: gpt-5-mini
Summary: The skill is internally coherent as an API wrapper, but there are concerning mismatches (anonymous source, a non‑official Vercel domain, and advertised payment/commerce capabilities with no declared credentials or provenance) that warrant caution before installing or allowing autonomous use.
Guidance: This skill points at an anonymous Vercel-hosted API that advertises SEC data plus ad, commerce, and payment features but provides no source or auth details. Before installing: (1) verify the vendor and a trustworthy homepage or source repo; (2) test only in read-only mode (list_filings, get_filing) and confirm claimed SEC lineage fields are present and verifiable; (3) do not enable or permit any machine-driven payment/purchase actions until you have explicit documentation of payment provider, authentication, and a sandbox environment; (4) restrict autonomous invocation or require explicit user confirmation for any action that could move money or create campaigns; (5) consider network egress controls or allowlisting this domain only after trust is established. If you need a definitive safety assessment, ask the publisher for a canonical homepage, API docs, and sandbox credentials and re-run the evaluation.

Review Dimensions

Purpose & Capability: concernThe SKILL.md claims SEC EDGAR‑backed company data, commerce, payments, and delivery capabilities served from https://market-royal-city.vercel.app. Those capabilities could reasonably exist on an external MCP API, but the skill provides no source/homepage, the domain is a generic Vercel app (not an official SEC or known vendor host), and commerce/payment functionality is advertised despite no declared credentials or payment provider details — this mismatch is unexpected and unexplained.
Instruction Scope: concernRuntime instructions are limited to curl POST/GET calls to the declared endpoints (no file or env access). However the doc explicitly states payments/deliveries can be machine-driven; allowing an agent to call an external endpoint that can create purchases or charge accounts is a meaningful scope expansion. The SKILL.md does not require or describe sandbox/test modes, authentication, or safeguards for financial actions.
Install Mechanism: okThis is an instruction-only skill with no install spec or code files, so nothing gets written to disk or installed — lowest install risk.
Credentials: concernNo environment variables or credentials are declared, yet the skill exposes commerce/payment endpoints. Payments and ad campaign creation typically require auth (API keys, payment tokens, merchant IDs). The absence of declared credentials is disproportionate to the advertised capabilities and leaves open questions about how authentication, authorization, and billing are handled.
Persistence & Privilege: okalways:false and no install persistence; the skill can be invoked autonomously (platform default) but does not request elevated or persistent system privileges. Autonomous invocation combined with the financial capabilities above increases risk, but autonomy itself is not a problem here.