Skill v0.3.0

ClawScan security

Stock Copilot Pro · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Benign · Feb 28, 2026, 12:28 PM

Verdict: benign
Confidence: high
Model: gpt-5-mini
Summary
The skill's code, declared network access, and required credential (QVERIS_API_KEY) align with its stated stock-analysis purpose and do not request disproportionate environment access or unusual install behavior.
Guidance
This skill appears to do what it says: it routes multi-source market queries through QVeris and needs only the QVERIS_API_KEY. Before installing, confirm you trust QVeris (qveris.ai) because the skill will make outbound requests there and that service in turn may query other provider APIs on your behalf. Provide an API key with the minimum scope possible and monitor its use. Review the infra/qveris-client.mjs (included in the package) if you want to confirm which endpoints are contacted and how the key is attached. Be aware the skill stores a local watchlist and a small evolution state file inside the skill folder; these do not contain credentials per the README, but you may want to place the skill in an isolated environment if you plan to run scheduled/autonomous jobs. Finally, if you want maximum caution, run first-time executions interactively (not as an automated cron) and verify observed network requests match expectations.

Review Dimensions

Purpose & Capability
ok · The skill is a multi-source stock analysis tool that routes queries through the QVeris gateway; requesting a single QVERIS_API_KEY is appropriate. The code files implement quote/fundamentals/technicals/sentiment logic and watchlist/brief/radar features consistent with the description. Minor note: the metadata described the package as “instruction-only”, but the package contains many code files and a local-skill-execution runtime; this is an implementation detail rather than a security mismatch.
Instruction Scope
ok · SKILL.md and the code instruct the agent to call QVeris tools and to read/write only local skill files (watchlist and evolution state). Runtime behavior (tool discovery, executeTool, resolveToolPayload) is scoped to QVeris calls, and content fetches are restricted to qveris.ai. The skill does not instruct reading unrelated system files or additional env vars.
Install Mechanism
ok · No external installers or remote downloads are required; the install mechanism is local-skill-execution and the code is included in the package. This keeps install risk low. There are no extract-from-URL installs or third-party package downloads in the provided metadata.
Credentials
ok · Only QVERIS_API_KEY is required and is the primary credential, which is proportional to a skill that calls the QVeris MCP/API gateway. The SKILL.md states the key is used in a read-only scope, and the code indicates no other credentials are read or persisted. (You should treat the key as sensitive and restrict its scope if possible.)
Persistence & Privilege
ok · The skill persists only to files inside its own directory (config/watchlist.json and .evolution/tool-evolution.json) and does not request always:true or system-wide changes. Auto-invocation is enabled by default, but that is the platform default; the skill does include example cron jobs in the repo (informational) which could schedule recurring runs if the user configures them.