Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
fintech-engineer
v1.0.1
Expert fintech engineer specializing in financial systems, regulatory compliance, and secure transaction processing. Masters banking integrations, payment systems, and building scalable financial technology that meets stringent regulatory requirement
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
high confidence
Purpose & Capability
The name and description ('fintech-engineer') match the SKILL.md content: checklists, architecture and compliance guidance, and development workflows for payment/banking systems. There are no unrelated required binaries, env vars, or config paths requested.
Instruction Scope
The SKILL.md contains broad, high-level guidance and checklists for designing and operating fintech systems (compliance analysis, implementation, production excellence). It does not instruct the agent to read arbitrary local files, capture secrets, or call unexpected external endpoints, but its language is open-ended and gives the agent broad discretion (e.g., 'Implement solutions' and 'Query context manager'). Recommend restricting what the agent is allowed to access when invoked in a real environment.
Install Mechanism
No install spec and no code files are present (instruction-only). This is the lowest-risk install model — nothing is written to disk by an installer.
Credentials
The skill declares no required environment variables, credentials, or config paths. That is proportionate for a guidance/consultant-style skill and reduces risk of credential exfiltration.
Persistence & Privilege
The skill does not request always:true and uses platform defaults (user-invocable, model invocation allowed). Autonomous invocation is the platform default and not in itself problematic here.
Assessment
This SKILL is a high-level fintech engineering playbook and appears coherent and low-risk because it neither installs code nor requests credentials. Before enabling it in a production or high-privilege agent, verify its provenance (author/homepage) and run it in a restricted/test environment first. Constrain the agent's access (no production databases, no secret vault access) and require explicit human approval for any actions that would deploy code, change configs, or access sensitive data. If the skill is later updated to request credentials, read local files, or include an install script/download URL, treat that as a significant change and re-evaluate (such changes would raise suspicion).
Like a lobster shell, security has layers — review code before you run it.
latest vk976hh40n8q52hpmc1jastb3wd80xn57
