Skill v1.0.0

ClawScan security

stock-watchlist-aisa · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Benign · Apr 18, 2026, 12:48 PM
Verdict
Benign
Confidence
high
Model
gpt-5-mini
Summary
The skill's files and runtime behavior are consistent with its stated purpose (a local watchlist that uses an AISA API key and a Python script), with only minor documentation/metadata gaps to be aware of.
Guidance
This skill appears to do what it says: a local Python watchlist that uses an AISA-compatible model via AISA_API_KEY. Before installing, consider: (1) install the Python 'openai' package (the script depends on it); (2) review the script yourself — it will write a local JSON state file under ./.clawdbot/skills/stock-analysis/ by default (or CLAWDBOT_STATE_DIR if set); (3) the tool uses the model to 'fetch' prices (models can hallucinate market data), so verify results against a market-data source if you rely on alerts for trading; (4) the script reads AISA_BASE_URL and AISA_MODEL though those aren't declared in the metadata — don't set AISA_BASE_URL to an untrusted endpoint (an override could send your tickers/data to an arbitrary server); (5) treat the AISA_API_KEY like any API secret and use a key with minimal permissions; and (6) if you want stricter guarantees, run the script locally in an isolated environment and inspect or pin dependencies before giving it network access.

Review Dimensions

Purpose & Capability (ok)
Name/description match the code: a Python CLI watchlist that calls an AISA-compatible model endpoint to get prices/signals. The declared primary credential (AISA_API_KEY) and required binary (python3) are appropriate. The script requires the Python 'openai' SDK (not installed automatically), which is reasonable for the stated approach.
Instruction Scope (note)
SKILL.md instructs use of the bundled Python client and storing state in a repo-local directory; the script follows that. The runtime sends tickers and a prompt to the model and writes/reads a local JSON state file under .clawdbot (or CLAWDBOT_STATE_DIR). Note: the script relies on the model to 'fetch current price' (i.e., it uses an LLM response rather than a canonical market-data API), which can cause inaccurate/hallucinated price data; this is a functional risk rather than a metadata mismatch.
Install Mechanism (ok)
There is no install spec (instruction-only with an included script), so nothing is downloaded during install. The only required binary is python3; the Python dependency (openai) is referenced in the script header comments but not installed automatically; the user/host must install it.
Credentials (concern)
Primary required env var AISA_API_KEY is appropriate. However, the script also reads AISA_BASE_URL and AISA_MODEL (and CLAWDBOT_STATE_DIR) at runtime; AISA_BASE_URL and AISA_MODEL are not listed in the SKILL.md 'requires.env' section. Because AISA_BASE_URL can be overridden, a maliciously configured environment could redirect data to an arbitrary endpoint. The script sends the list of tickers and the prompt to the external model endpoint, so any custom base URL would receive that data.
Persistence & Privilege (ok)
The skill does not request always:true and will not be force-enabled. It writes only to a skill-local state file under .clawdbot (or a user-supplied CLAWDBOT_STATE_DIR) and does not modify other skills or system-wide settings. Autonomous invocation is enabled by default (normal for skills) and is not by itself a sign of misbehavior.