Skill v1.1.0

ClawScan security

FireAnt Stock Price Checker · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Suspicious
Feb 20, 2026, 3:59 PM
Verdict
suspicious
Confidence
medium
Model
gpt-5-mini
Summary
The skill broadly matches its stated purpose (fetching FireAnt pages and extracting stock data) but contains a few inconsistencies and a suspicious hard-coded binary path that warrant review before installing or running.
Guidance
This skill appears to do what it says (fetch and parse FireAnt pages) but review before use:
1) Inspect and, if needed, modify the hard-coded agent-browser path in scripts/check_stock.py — it should call a trusted binary on PATH, not /Users/loc/Library/…;
2) Verify the source and integrity of the 'agent-browser' CLI before installing/running it;
3) Note the metadata mismatch (slug 'vietstock' vs registry 'fireant-stock') — this may indicate sloppy packaging;
4) Run the script in an isolated environment (sandbox/container) first, and open the snapshot output to ensure it contains only public web content;
5) If you need to permit autonomous invocation, be extra cautious because the script will execute a local binary.
If you cannot verify the agent-browser binary's origin, do not run this skill.

Review Dimensions

Purpose & Capability
note
Name/description (FireAnt stock/index lookup) aligns with the included script which opens FireAnt URLs and extracts prices/stats. Minor inconsistencies: _meta.json.slug is 'vietstock' while registry slug is 'fireant-stock', and SKILL.md mentions performing a Google search to find pages but the script simply constructs the FireAnt URL directly. The declared dependency on an 'agent-browser' CLI is reasonable for a headless browser workflow.
Instruction Scope
concern
SKILL.md restricts actions to opening FireAnt pages via an Agent Browser and extracting data. However, the script invokes an external binary via subprocess.run using a hard-coded, user-specific absolute path '/Users/loc/Library/pnpm/agent-browser' rather than a generic 'agent-browser' on PATH. Executing arbitrary binaries at absolute paths is risky and non-portable; this is the main scope/behavior concern. The script does not access environment variables, other files, or external endpoints beyond the target site.
Install Mechanism
note
There is no install spec. The skill expects an external 'agent-browser' CLI but does not provide an installation step or verified source for that dependency. This increases friction and risk because a user must supply/install the dependency themselves; verify you obtain agent-browser from a trusted upstream.
Credentials
ok
The skill requests no environment variables, no credentials, and no config paths. The lack of requested secrets is proportionate to the stated purpose.
Persistence & Privilege
ok
'always' is false and the skill does not request persistent or elevated privileges. It does not modify other skills or system configs. Autonomous invocation is allowed by default (disable-model-invocation=false) which is normal for skills and not, by itself, a concern.