Skill v2.2.0
ClawScan security
A Stock Analyzer · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Benign (Mar 16, 2026, 5:59 AM)
- Verdict
- benign
- Confidence
- high
- Model
- gpt-5-mini
- Summary
- The skill's code, instructions and resources are coherent with an A‑share analysis/reporting tool: it fetches market/financial data, builds reports and can push them to configured webhooks; nothing requests unrelated credentials or performs obvious data-exfiltration.
- Guidance
- This skill appears to do what it claims (market data fetch → analysis → report → optional webhook push). Before installing or running:
  1. Review and set the webhook URLs in config.json (feishu_webhook / dingtalk_webhook); leaving them blank means no push.
  2. Run it in a restricted environment (non-root user, isolated directory): it performs network I/O to public APIs and writes caches and reports to disk.
  3. If you plan to enable automated cron runs, verify the cron command works and that the skill's network access is acceptable on that schedule.
  4. Expect some bugs (inconsistent report scores, SKILL.md/config mismatch); inspect logs and reports during the initial runs.
  5. Do not store sensitive credentials in config.json. The skill does not request any, but any webhook you provide will receive the report content.
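The config.json checks in Guidance items 1 and 5, together with the channels/webhook mismatch flagged under Instruction Scope below, can be scripted and run before the first execution. The following is an added example written for this review, not code from the skill or from ClawHub. It assumes config.json carries a `channels` list and `feishu_webhook` / `dingtalk_webhook` keys as the review describes; the allowed webhook hosts, the credential-key pattern and the three sample configs are the example's own assumptions (the samples are constructed, not the skill's shipped files).

```python
"""Pre-install lint for the stock-analyzer skill's config.json.

Added example for this review; not the skill's own code. Assumed layout:
{"channels": [...], "feishu_webhook": "...", "dingtalk_webhook": "..."}.
"""
import json
import re
from urllib.parse import urlsplit

# Assumed: the channels the skill can push to and the config key holding each webhook.
WEBHOOK_KEYS = {"feishu": "feishu_webhook", "dingtalk": "dingtalk_webhook"}
# Assumed allow-list of hosts a legitimate bot webhook for each channel lives on.
ALLOWED_HOSTS = {
    "feishu": {"open.feishu.cn", "open.larksuite.com"},
    "dingtalk": {"oapi.dingtalk.com"},
}
# Assumed heuristic for config keys that look like credentials (Guidance item 5).
SECRET_KEY_RE = re.compile(r"(token|secret|password|passwd|api_?key|cookie)", re.I)


def check_config(cfg: dict) -> dict:
    """Return {"push_enabled": bool, "errors": [...], "warnings": [...]}.

    errors   -> do not run until fixed (wrong host, plaintext http, stray secrets)
    warnings -> config drift that silently changes behaviour (blank webhook, etc.)
    """
    errors, warnings = [], []
    channels = cfg.get("channels", [])
    if not isinstance(channels, list):
        errors.append("channels must be a list")
        channels = []

    push_enabled = False
    for ch in channels:
        key = WEBHOOK_KEYS.get(ch)
        if key is None:
            errors.append(f"unknown channel {ch!r}")
            continue
        url = (cfg.get(key) or "").strip()
        if not url:
            # The shipped-config situation the scanner noted: channel enabled, webhook blank.
            warnings.append(f"channel {ch!r} enabled but {key} is blank; nothing will be pushed")
            continue
        parts = urlsplit(url)
        if parts.scheme != "https":
            errors.append(f"{key} must use https, got {parts.scheme!r}")
        if parts.hostname not in ALLOWED_HOSTS[ch]:
            # Report content goes wherever this URL points; refuse anything off the allow-list.
            errors.append(f"{key} points at {parts.hostname!r}, not an expected {ch} host")
        else:
            push_enabled = True

    # The reverse drift: a webhook is filled in but its channel is not enabled.
    for ch, key in WEBHOOK_KEYS.items():
        if cfg.get(key) and ch not in channels:
            warnings.append(f"{key} is set but {ch!r} is not in channels")

    # The skill needs no credentials; anything that looks like one is a mistake.
    for k, v in cfg.items():
        if SECRET_KEY_RE.search(k) and v:
            errors.append(f"config key {k!r} looks like a credential; the skill does not need one")

    return {"push_enabled": push_enabled, "errors": errors, "warnings": warnings}


def check_config_file(path: str) -> dict:
    """Lint an on-disk config.json (e.g. the one in the skill directory)."""
    with open(path, encoding="utf-8") as fh:
        return check_config(json.load(fh))


# Constructed sample configs for demonstration; not the skill's real files.
SHIPPED_CONFIG = {"channels": ["feishu"], "feishu_webhook": "", "dingtalk_webhook": ""}
BAD_CONFIG = {
    "channels": ["dingtalk", "slack"],
    "dingtalk_webhook": "http://example.invalid/hook",
    "api_key": "sk-live-0000",
}
GOOD_CONFIG = {
    "channels": ["dingtalk"],
    "dingtalk_webhook": "https://oapi.dingtalk.com/robot/send?access_token=REDACTED",
}

if __name__ == "__main__":
    for name, cfg in [("shipped", SHIPPED_CONFIG), ("bad", BAD_CONFIG), ("good", GOOD_CONFIG)]:
        print(name, json.dumps(check_config(cfg), indent=2))
```

Run `check_config_file` against the skill directory's config.json before enabling any channel. Note that a bot webhook URL is itself a secret for that channel (DingTalk puts the bot's access_token in the query string, Feishu uses a per-bot hook id in the path), so once a webhook is filled in, config.json should be protected like credential material even though the skill asks for no other secrets.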
Review Dimensions
- Purpose & Capability
- ok: Name/description match the code and files: scripts fetch market data (EastMoney/Tencent/akshare), compute indicators, generate reports and optionally push to Feishu/DingTalk. No unrelated credentials, binaries, or platform access are requested.
- Instruction Scope
- note: Runtime instructions and scripts stay within the stated purpose (fetch market data, analyze, write reports, push to webhooks). Minor inconsistencies: the SKILL.md example config shows 'channels': ['dingtalk'] while the included config.json uses 'feishu' with an empty feishu_webhook. Reports in the repository contain inconsistent/contradictory risk scores (e.g. 100 then 0), which looks like a logic/reporting bug rather than malicious behavior. The scripts read and write only local files under the skill directory (config.json, cache, reports, logs) and send network requests to public market APIs and webhook endpoints; this is expected for this skill but worth noting.
- Install Mechanism
- ok: No install spec; SKILL.md lists Python and pip packages (akshare, pandas, numpy, requests). Dependencies are proportional to the task. No downloads from untrusted URLs or archive extraction are present in the package.
- Credentials
- ok: The skill requests no environment variables or secrets. Push webhooks are read from config.json (a local file), which is reasonable for a push feature; there are no requests for unrelated service keys or system credentials.
- Persistence & Privilege
- ok: The skill is not always-enabled and uses normal autonomous invocation defaults. It does not attempt to modify other skills or system-wide agent configuration. It writes report/cache files only under its own directory.
