
ClawScan security

A Stock Trading Assistant · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Suspicious · Apr 15, 2026, 7:16 AM
Verdict: suspicious
Confidence: medium
Model: gpt-5-mini
Summary
The instructions claim to run local Python scripts and persist watchlists, but the published skill contains no code or declared storage paths—this mismatch is unexplained and warrants caution.
Guidance
Do not install or run this skill as-is. Ask the publisher for the missing implementation files (scripts/fetch_stock.py, references/*.md) or an install spec that provisions them. Verify where watchlists and alerts are stored (filesystem path or external service) and whether the agent will have network access to scrape the listed sites. Confirm scraping is compliant with the data sources' terms and that executing any provided Python scripts is safe (review code). If you cannot obtain the code, consider rejecting the skill because the SKILL.md's runtime actions cannot be satisfied by the published package and could lead the agent to attempt unsupported operations.

Review Dimensions

Purpose & Capability
concern: The SKILL.md repeatedly references local scripts (e.g., scripts/fetch_stock.py) and reference files (references/*.md) that would be required at runtime, yet the skill package contains no code files or install spec. A consumer would reasonably expect those scripts to exist or an install step to provide them; their absence is inconsistent with the described functionality.
Instruction Scope
note: Instructions direct the agent to fetch real-time data from third-party finance sites (东方财富/新浪/同花顺/雪球), which is consistent with the trading purpose. However, the doc also instructs reading/writing local reference files (e.g., references/watchlist.md) and running specific local commands under /app/skills/..., which cannot be satisfied by an instruction-only package as published. Also, the instructions imply the skill should 'actively' check pre-set alerts in later conversations (persistence), but no mechanism for that persistence is provided.
Install Mechanism
ok: No install spec is provided (instruction-only). That minimizes direct install risk, but increases reliance on environment-provided scripts and files that are missing from this package.
Credentials
note: The skill requests no environment variables or credentials, which is proportionate for read-only data scraping. Still, it expects network access to external finance sites and does not declare or document any rate-limiting, API keys, or scraping behavior; this can have operational/legal implications but is not a direct credential mismatch.
Persistence & Privilege
concern: SKILL.md instructs recording user watchlists and later proactively verifying alerts (implying persistent state), yet the registry lists no required config paths and there are no files in the package to implement persistence. The skill does not request always:true, but its described behavior assumes writable local storage and continuity across conversations; this is an unresolved inconsistency.