Skill v1.2.7
ClawScan security
Hk Stock Morning Report · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Suspicious · Apr 28, 2026, 2:46 PM
- Verdict: suspicious
- Confidence: medium
- Model: gpt-5-mini
- Summary: The skill claims to produce and send an HK stock morning report, but its instructions reference missing helper scripts/tools, expect message delivery without declaring credentials, and the included code has bugs and writes to a root workspace — these inconsistencies merit caution.
- Guidance: Do not run this skill in production or give it broad automation rights yet. Specific recommendations:
  - Missing files: SKILL.md references scripts/fetch_southbound_data.py and a southbound template that are not in the package — ask the author for the missing files or a corrected package.
  - Messaging: The skill instructs sending via WeChat and Feishu but declares no credentials or APIs — clarify how messages are delivered and where credentials should be stored. Never paste tokens into chat; prefer platform-integrated connectors.
  - External tool: SKILL.md requires 'tavily_search' (and web scraping of stcn.com etc.) but the skill does not declare that dependency. Confirm the runtime environment will provide the search tool or provide an alternate, auditable implementation.
  - Code issues: scripts/generate_report.py contains bugs (uses datetime.timedelta but imports datetime incorrectly) and assumes WORKDIR '/root/.openclaw/workspace'. Run the script in a sandbox and review/patch it before use; change file paths to a non-root workspace.
  - Data handling: the skill tells the agent to record source URLs/timestamps in memory (not shown how). Ensure any stored data does not leak to external services and that source collection follows your org's data policies.
  - If you still want to use it: request the missing helper scripts and documentation for message delivery, test locally in an isolated environment, and require explicit configuration for any credentials with least privilege. If the author cannot explain the missing pieces and delivery method, treat the package as incomplete and untrusted.
Review Dimensions
- Purpose & Capability
  - note: The skill's stated purpose (generate HK morning report) matches the included format, rules, and a small generator script, but the SKILL.md also depends on other helper scripts (e.g., scripts/fetch_southbound_data.py, southbound_report_template.md) and an external search tool (tavily_search) that are not present in the package or declared as requirements. The skill also instructs sending via WeChat and Feishu yet declares no credentials or integration code.
- Instruction Scope
  - concern: Runtime instructions require: web searches (tavily_search), scraping specific sites (stcn.com, gelonghui, futunn, gov.hk), recording source URLs/timestamps in memory, and sending reports to WeChat personal + Feishu group. The SKILL.md gives the agent broad discretion to perform searches and collect data, but does not declare the search tool or any messaging integration; it also references writing JSON to data/southbound_latest.json and other files that are not present. This grants the agent open-ended network and filesystem actions that are not fully implemented in the package.
- Install Mechanism
  - ok: No install spec (instruction-only plus one script) — lowest install risk. The only included code is a local Python script that fetches index data from qt.gtimg.cn; there is no download-from-URL or package install. However, the script assumes a certain runtime environment (python3 available, network access).
- Credentials
  - concern: The skill declares no required environment variables or credentials, yet SKILL.md expects the agent to send messages to WeChat and Feishu and to run tavily_search. Those delivery/send steps normally require API credentials/tokens. The absence of declared credentials is an inconsistency: either the skill expects the agent to have other integrations preconfigured (not documented) or it omits required secret access, which could lead to manual workaround behaviors or accidental exposure when the agent attempts to use other credentials.
- Persistence & Privilege
  - note: always=false (normal). The included script writes output to WORKDIR = '/root/.openclaw/workspace', which suggests assumptions about filesystem layout and privileged user context; that path is unusual for a non-privileged skill and could overwrite files in a root home if run as root. The skill does not request persistent automatic inclusion or modify other skills' configs.
