Skill v1.0.0
ClawScan security
a-share-analysis · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Suspicious · Mar 10, 2026, 3:50 AM
- Verdict
- suspicious
- Confidence
- medium
- Model
- gpt-5-mini
- Summary
- The skill appears to implement the claimed A‑share analysis functionality, but there are several inconsistencies and missing declarations (notably undeclared API/env requirements and mismatched script names) that could cause runtime surprises or unexpected network/auth behavior — review before use.
- Guidance
- This package mostly looks like a real A‑share analysis/report generator, but before installing it or giving it access to your environment:
  1. Review the code (or run it in an isolated sandbox). Examples in SKILL.md reference filenames that do not exactly match the shipped scripts, which can cause unexpected behavior.
  2. Expect the skill to write report and memory files under your home directory (a-share-reports/, memory/, and ~/.openclaw). If that is sensitive, run it in an isolated workspace.
  3. The repo references external services (Firecrawl for news sentiment and OpenAI for vector search). Those require API keys (FIRECRAWL_API_KEY and an OpenAI API key) that the registry did not declare; only provide such keys if you trust what data will be sent to those services.
  4. If you plan to enable commercial/auto‑auth features, inspect firecrawl_auto_auth.py to confirm it only sets and uses local tokens and does not exfiltrate other credentials.
  5. Ask the publisher to declare required env vars in the skill metadata, fix the mismatched example import names, and document exactly which external endpoints the skill calls. If you cannot get those assurances, test in a sandbox or decline to run it with real credentials.
Review Dimensions
- Purpose & Capability
- note: Name/description match the included code: there are many scripts for realtime quotes, technicals, fundamentals, sentiment, memory, and report generation, which is coherent with an A‑share analysis tool. However, the SKILL.md examples reference module names like fetch_technical_indicators.py and generate_report.py that do not exactly match the shipped filenames (e.g., fetch_technical_indicators_free.py, generate_report_pro.py, generate_report_detailed.py). That mismatch is unexpected and can cause runtime errors or indicate sloppy packaging.
- Instruction Scope
- concern: The runtime instructions show importing and running local scripts (fetchers and report generators), which is appropriate, but SKILL.md and the documentation also reference operations that read/write user files (reports in ~/.openclaw/workspace and a-share-reports/, memory/ storage) and external authentication flows (Firecrawl auto-auth). SKILL.md does not clearly document what data is persisted or which exact external endpoints will receive data. There is also a discrepancy between the script names used in examples and the actual filenames, which widens the agent's discretion to choose different modules or fail over to other code paths.
- Install Mechanism
- ok: No install spec or remote downloads are present in the registry metadata; the skill is delivered as code bundled with the skill files (no external installer URLs). That reduces supply‑chain download risk. Dependencies are Python scripts and documented pip packages (requests, reportlab), and installing those is expected for this kind of tool.
- Credentials
- concern: Registry metadata declares no required env vars or credentials, but the included documentation and scripts reference third‑party services and credentials (FIRECRAWL_API_KEY, an optional OpenAI API key for memory/vector search, and a Firecrawl browser authentication flow). Those are reasonable for optional features (news sentiment, vector memory), but they are NOT declared in requires.env. This omission is a mismatch: the skill can prompt for or attempt to use sensitive credentials that the metadata did not surface.
- Persistence & Privilege
- note: The skill writes reports and 'memory' records to disk (a-share-reports/, memory/ and ~/.openclaw paths) and includes an organize_reports.py script; this persistence aligns with its reporting purpose. The metadata sets always: false and allows normal autonomous invocation. The ability to store persistent analysis and history increases the blast radius (if credentials or sensitive inputs end up in stored reports), so users should be aware of the local data written by the skill.
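The three mismatches the verdict keeps returning to (SKILL.md naming scripts that are not shipped, scripts reading env vars that requires.env does not declare, and scripts writing under the home directory) can be checked mechanically before install, which is what guidance items 1 to 3 and the Credentials and Persistence dimensions above ask a reviewer to do by hand. The script below is an added example, not ClawScan's scanner and not code from the a-share-analysis skill. It assumes a bundle is a directory containing SKILL.md plus a skill.json that carries the metadata's requires.env list (that filename is an assumption), that the OpenAI credential is read as OPENAI_API_KEY (the page only says "OpenAI"), and it runs on a constructed sample bundle that reproduces the mismatch pattern the verdict describes.

```python
"""Offline pre-install audit of a skill bundle (added example, not ClawScan's code).

Reports, for a bundle directory:
  1. script filenames referenced in SKILL.md that are not actually shipped,
  2. environment variables the scripts read that the metadata does not declare,
  3. filesystem paths the scripts write to or expand under the user's home.
The sample bundle at the bottom is constructed for this example.
"""
from __future__ import annotations

import ast
import json
import re
import tempfile
from pathlib import Path

# Any token that looks like a Python script name, e.g. generate_report.py
SCRIPT_REF = re.compile(r"\b[\w\-]+\.py\b")


def referenced_scripts(skill_md: str) -> set[str]:
    """Every *.py filename mentioned anywhere in SKILL.md."""
    return set(SCRIPT_REF.findall(skill_md))


def _is_attr(node: ast.AST, base: str, attr: str) -> bool:
    """True for an expression of the exact shape `base.attr` (e.g. os.environ)."""
    return (isinstance(node, ast.Attribute) and node.attr == attr
            and isinstance(node.value, ast.Name) and node.value.id == base)


def _mode_of(call: ast.Call) -> str | None:
    """The literal mode string of an open(...) call, positional or keyword, if any."""
    if len(call.args) >= 2 and isinstance(call.args[1], ast.Constant):
        return str(call.args[1].value)
    for kw in call.keywords:
        if kw.arg == "mode" and isinstance(kw.value, ast.Constant):
            return str(kw.value.value)
    return None


def env_and_paths(source: str) -> tuple[set[str], set[str]]:
    """Walk one script's AST; return (env var names read, path literals written or expanded)."""
    envs: set[str] = set()
    paths: set[str] = set()
    for node in ast.walk(ast.parse(source)):
        # os.environ["X"]
        if isinstance(node, ast.Subscript) and _is_attr(node.value, "os", "environ"):
            if isinstance(node.slice, ast.Constant):
                envs.add(str(node.slice.value))
        elif isinstance(node, ast.Call):
            fn = node.func
            first = node.args[0] if node.args else None
            # os.getenv("X") and os.environ.get("X")
            if _is_attr(fn, "os", "getenv") or (
                isinstance(fn, ast.Attribute) and fn.attr == "get"
                and _is_attr(fn.value, "os", "environ")
            ):
                if isinstance(first, ast.Constant):
                    envs.add(str(first.value))
            # os.path.expanduser("~/...") reveals home-directory locations
            elif isinstance(fn, ast.Attribute) and fn.attr == "expanduser":
                if isinstance(first, ast.Constant):
                    paths.add(str(first.value))
            # open("file", "w"/"a") is a write to a literal path
            elif isinstance(fn, ast.Name) and fn.id == "open":
                mode = _mode_of(node)
                if mode and mode[0] in "wa" and isinstance(first, ast.Constant):
                    paths.add(str(first.value))
    return envs, paths


def audit(root: Path) -> dict:
    """Run all three checks over a bundle directory and return the findings."""
    skill_md = (root / "SKILL.md").read_text()
    meta = json.loads((root / "skill.json").read_text())  # assumed metadata filename
    declared = set(meta.get("requires", {}).get("env", []))
    shipped = {p.name for p in root.rglob("*.py")}
    envs_used: set[str] = set()
    paths: set[str] = set()
    for script in root.rglob("*.py"):
        e, p = env_and_paths(script.read_text())
        envs_used |= e
        paths |= p
    return {
        "missing_scripts": sorted(referenced_scripts(skill_md) - shipped),
        "undeclared_env": sorted(envs_used - declared),
        "written_paths": sorted(paths),
    }


# Constructed sample bundle mirroring the verdict's findings: documented names
# differ from shipped names, no requires.env, keys read from the environment,
# reports and memory written under the home directory.
SAMPLE_BUNDLE = {
    "SKILL.md": "Run `python generate_report.py 600519` after `fetch_technical_indicators.py`.\n",
    "skill.json": json.dumps({"name": "a-share-analysis", "requires": {"env": []}}),
    "generate_report_pro.py": (
        "import os\n"
        "key = os.environ['FIRECRAWL_API_KEY']\n"
        "out = os.path.expanduser('~/a-share-reports/')\n"
        "with open('memory/history.json', 'a') as f:\n"
        "    f.write('{}')\n"
    ),
    "fetch_technical_indicators_free.py": "import os\ntoken = os.getenv('OPENAI_API_KEY')\n",
}


def audit_sample() -> dict:
    """Materialise the constructed bundle in a temp dir and audit it."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        for name, body in SAMPLE_BUNDLE.items():
            (root / name).write_text(body)
        return audit(root)


if __name__ == "__main__":
    print(json.dumps(audit_sample(), indent=2))
```

Point audit() at a real unpacked skill directory to get the same three lists. The matching is deliberately literal: a dynamic lookup such as os.environ[name] or a path assembled at runtime will not show up, so treat an empty list as a lower bound, not a clean bill, and still read firecrawl_auto_auth.py and the report writers by hand as the guidance says.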
