Skill v1.0.0
ClawScan security
Stock Summary · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Suspicious · Apr 6, 2026, 1:15 PM
- Verdict
- suspicious
- Confidence
- medium
- Model
- gpt-5-mini
- Summary
- The skill mostly does what it says (fetch quotes, compute RSI/MACD, draw a chart) but contains several implementation inconsistencies and sloppy choices (hard-coded filesystem path, market-detection bug, undeclared Python deps) that should be resolved or reviewed before installing.
- Guidance
- Before installing or running: 1) Review and fix the market-detection regex: 5-digit numeric codes are currently treated as CN rather than HK. 2) Confirm where the chart will be written: the script uses a hard-coded '/root/.openclaw/workspace/stock_chart.png' path, which may not exist, assumes the agent can write under /root, and does not match the documented stock_chart.png; prefer a relative or documented workspace path. 3) Ensure the required Python packages (requests, numpy, matplotlib, yfinance) are present in a sandboxed runtime; if the agent will auto-install them, note that pip installs require network access and can pull arbitrary code. 4) Test the script in an isolated environment to validate outputs and error handling (the code has some naive error handling and unused imports). 5) If you plan to use it in a production agent, ask the publisher to add an explicit install spec, document dependencies and output paths, and correct the noted bugs. These issues look like sloppy engineering rather than intentional malice, but they increase operational risk and merit review.
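The two code-level fixes in the guidance above (market detection and the output path), as an added Python example that is not code from the skill, its publisher or ClawHub. The skill's actual regex is not reproduced on this page, so detect_market_unanchored is a constructed illustration of the bug class described (an unanchored, order-dependent match that swallows 5-digit codes as CN), and detect_market is one correct replacement. The market conventions assumed here (6-digit CN A-share codes, 5-digit HK codes, 1-5 letter US tickers with an optional class suffix) and the OPENCLAW_WORKSPACE environment variable are assumptions, not documented behaviour of the skill.

```python
import os
import re
from pathlib import Path
from typing import Optional


def detect_market_unanchored(code: str) -> str:
    """Constructed example of the bug class, NOT the skill's code.

    re.match() only anchors at the start of the string, and the CN branch is
    tested first, so any 5-digit HK code satisfies r"\\d{5,6}" and is returned
    as CN. The HK branch below it is unreachable.
    """
    if re.match(r"\d{5,6}", code):
        return "CN"
    if re.match(r"\d{5}", code):  # dead code: every 5-digit input matched above
        return "HK"
    return "US"


# Hardened classifier. Every pattern is applied with fullmatch(), so the whole
# code must match and the three patterns are disjoint; ordering no longer
# matters. Assumed conventions (not stated on the page): CN = 6 digits,
# HK = 5 digits, US = 1-5 letters with an optional ".X" class suffix (BRK.B).
_PATTERNS = (
    ("HK", re.compile(r"\d{5}")),
    ("CN", re.compile(r"\d{6}")),
    ("US", re.compile(r"[A-Z]{1,5}(?:\.[A-Z])?")),
)


def detect_market(code: str) -> str:
    """Classify a stock code as HK, CN or US; reject anything else loudly."""
    code = code.strip().upper()
    for market, pattern in _PATTERNS:
        if pattern.fullmatch(code):
            return market
    raise ValueError(f"unrecognised stock code: {code!r}")


def resolve_output_path(filename: str = "stock_chart.png",
                        workspace: Optional[str] = None) -> Path:
    """Place the chart inside the caller's workspace instead of under /root.

    The workspace comes from the explicit argument, then from the hypothetical
    OPENCLAW_WORKSPACE variable (an assumption, not a documented setting), then
    from the current directory. The resolved target must sit directly inside
    that directory, so a filename such as "../x.png" or "/etc/x" is rejected
    rather than written to the host filesystem.
    """
    base = Path(workspace or os.environ.get("OPENCLAW_WORKSPACE") or os.getcwd()).resolve()
    target = (base / filename).resolve()
    if target.parent != base:
        raise ValueError(f"output path {target} escapes workspace {base}")
    return target


if __name__ == "__main__":
    # Constructed sample codes, one per market plus a malformed one.
    for sample in ("00700", "600519", "AAPL", "BRK.B", "1234567"):
        try:
            print(sample, "->", detect_market(sample),
                  "(unanchored says", detect_market_unanchored(sample) + ")")
        except ValueError as exc:
            print(sample, "->", exc)
    print("chart would be written to", resolve_output_path())
```

Running the module stand-alone shows the two classifiers disagree exactly on the 5-digit HK case, which is the misclassification the review flags; the malformed 7-digit code raises instead of silently defaulting to a market, and the output path is reported relative to the current workspace rather than a fixed /root location.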
Review Dimensions
- Purpose & Capability
- note · Name/description match the code: the script fetches A/H/US market data, computes RSI/MACD and renders a 1-month chart. No credentials or unrelated services are requested. However, the implementation has minor mismatches with the documentation (see Instruction Scope): SKILL.md says to save as stock_chart.png (no path) while the script writes to /root/.openclaw/workspace/stock_chart.png, and the market-detection regexes misclassify 5-digit HK codes as CN.
- Instruction Scope
- concern · SKILL.md instructs running python3 scripts/stock_summary.py <code> and sending stock_chart.png; the script instead writes to a hard-coded, undocumented path under /root/.openclaw/workspace. The script makes network calls to EastMoney and Yahoo (via yfinance/requests) and requires Python packages at runtime even though no install steps are provided. It imports subprocess and os (subprocess is unused) and writes files; these behaviors are within scope for a data-fetching tool, but the hard-coded root path and the undocumented network and dependency needs are concerning.
- Install Mechanism
- note · No install spec is provided (instruction-only skill), so the runtime must already have the dependencies (requests, numpy, matplotlib, yfinance). If the agent or operator attempts to auto-install these, that implies network access and arbitrary package installation, which increases risk. The lack of an explicit, auditable install step is both a practical and a security concern.
- Credentials
- ok · The skill requests no environment variables, credentials, or config paths. Network access to third-party APIs (EastMoney, Yahoo) is required but proportionate to the stated purpose. No secrets are requested or read.
- Persistence & Privilege
- ok · always is false and the skill does not request persistent or global privileges. It writes an image file to a workspace path; there is no code that modifies other skills or global agent configuration.
