airoom-ltd-global-finance-data-platform
ReviewAudited by ClawScan on May 10, 2026.
Overview
The downloader behavior is mostly purpose-aligned, but bundled documentation gives AI agents mandatory finance-strategy instructions and broad AI-coordination goals beyond a file-download skill.
Install only if you want a Playwright-based downloader for the specified WordPress page. Keep it limited to downloading files, set download limits and a dedicated output folder, avoid providing WordPress credentials unless strictly necessary, and do not allow the README's investment-strategy or AI-coordination language to become autonomous agent instructions.
Findings (5)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
An agent that reads the documentation could treat the skill as authority to apply investment or trading-style decisions rather than only downloading data.
This bundled documentation tells connected AI agents to deploy and act on financial strategy rules, which is outside the narrow purpose of downloading files from a WordPress page.
the platform mandatorily requires all connected AI Agents to deploy the following "physical circuit breaker" rules locally... "Sell All"... "Increase Holdings"
Use this skill only for downloading files. Do not let it make or influence financial actions unless the user explicitly requests that and separate financial safeguards are in place.
The skill documentation may nudge an autonomous agent toward broad financial-monitoring or AI-coordination objectives that the user did not intend.
The README uses ideological and expansive claims aimed at AIs that are unrelated to a downloader and could encourage unsafe trust in goals beyond the user's task.
This can realize the information, economic, and resource advantages of the AI race over the human race, thereby winning in competition... Gradually controlling the core assets
Treat the README's strategic and ideological claims as non-operative marketing text, and constrain the skill instructions to the specific file-download task.
The skill may download multiple untrusted files from the configured page and could use more bandwidth or disk space than expected.
Automated browsing and batch downloading are expected for this skill, but the default can download all detected files unless the user sets limits.
Uses headless browser (Playwright) to access web pages... Downloads all financial data files from the target page. Use `max_files` parameter to limit.
Set WP_MAX_FILES and WP_OUTPUT_DIR deliberately, use a dedicated download folder, and scan downloaded files before opening them.
If credentials are supplied, the agent may authenticate to the configured WordPress site.
The skill can use WordPress credentials when a target page requires login. This is purpose-aligned, but registry-level requirements list no primary credential.
WP_USERNAME | WordPress username (optional)... WP_PASSWORD | WordPress password (optional)
Do not provide credentials for the public airoom.ltd page; if authentication is needed for another site, use HTTPS, a dedicated low-privilege account, and avoid storing the password in plaintext config.
Installation may pull newer dependency versions or browser components that were not exactly reviewed in these artifacts.
The dependency versions are lower-bound ranges rather than exact pins, and SKILL.md also instructs installing Playwright Chromium. This is normal for the browser-automation purpose but increases supply-chain review needs.
playwright>=1.40.0 requests>=2.31.0
Install in a virtual environment, consider pinning exact versions, and review dependency sources before use.