Back to skill
Skillv1.0.1
ClawScan security
Asset Allocation · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
BenignMar 7, 2026, 7:53 AM
- Verdict
- benign
- Confidence
- high
- Model
- gpt-5-mini
- Summary
- The skill's claims, instructions, and required resources are internally consistent for an investment-advisory assistant and it does not request unexpected system access or credentials.
- Guidance
- This skill appears coherent and limited to financial advisory tasks, but note the publisher/source is unknown and there is no homepage — verify the origin before installing. The skill will generate product-specific purchase steps (including platform names and product codes) using its local reference files; double-check any product codes, availability, fees, and regulatory considerations before acting on them. Never share bank/Account passwords, OTPs, or brokerage credentials with the skill. If you need licensed or fiduciary advice, consult a regulated professional in your jurisdiction.
Review Dimensions
- Purpose & Capability
- okName/description (investment advisory, asset allocation, product selection) match the SKILL.md and the included reference documents. The skill does not request unrelated binaries, env vars, or config paths.
- Instruction Scope
- okRuntime instructions are limited to collecting a user's financial profile, assessing goals/risk, performing macro analysis, producing an IPS and execution steps, and using the shipped reference files; they do not instruct reading system files, environment variables, or contacting hidden external endpoints.
- Install Mechanism
- okNo install specification and no code files — instruction-only skill. Nothing will be downloaded or written to disk by an installer.
- Credentials
- okThe skill requests no environment variables, credentials, or config paths. All actions described rely on user-supplied financial data and the packaged reference documents.
- Persistence & Privilege
- okalways is false and the skill does not request persistent or elevated privileges. Autonomous invocation is allowed (platform default) but not accompanied by other risk-enhancing privileges.