ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Justice Plutus

v2.1.0

Local A-share analysis with Markdown/JSON reports, optional Feishu notifications, and optional iFinD enhancement.

8· 747·3 current·3 all-time
byWu Bo Yu@etherstrings
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description, required binary (python3), and required primary env (OPENAI_API_KEY) align with an LLM-powered local analysis pipeline. The skill explicitly requires a local JusticePlutus repository to exist, which explains the minimal files included here.
Instruction Scope
SKILL.md and the shipped wrapper script consistently instruct running the local pipeline (sh .../run_analysis.sh -> python -m justice_plutus run ...). The instructions explicitly reference optional notification/enhancement flows and the optional env vars needed for them. This is expected, but running the local module will execute arbitrary code from the user's JusticePlutus repository and may perform network calls (search providers, iFinD, Feishu, Telegram) when corresponding keys are present.
Install Mechanism
No install spec; instruction-only with a small wrapper script. Nothing is downloaded or extracted by the skill bundle itself.
Credentials
The skill declares OPENAI_API_KEY as the primary required credential, which is reasonable for LLM analysis. SKILL.md also lists numerous optional secrets (AIHUBMIX_KEY, GEMINI_API_KEY, IFIND_REFRESH_TOKEN, WENCAI_COOKIE, HSCLOUD_* tokens, FEISHU_WEBHOOK_URL, etc.) used only for optional enhancements. Those optional credentials are proportional to the optional features but should only be provided if the user intends to enable those enhancements.
Persistence & Privilege
always is false and the skill does not request system-wide changes or modify other skills. It only runs a local command and exports per-run environment variables when flags are used.
Assessment
This skill is internally consistent with its goal of running a local LLM-powered A-share analysis pipeline. Before installing or running: 1) ensure you have the actual JusticePlutus repository from a trusted source on the machine (the script runs python -m justice_plutus, which will execute that repository's code); 2) only provide the API keys/cookies you actually need (do not paste unrelated credentials); 3) review the JusticePlutus code (networking, webhook logic) if you plan to enable notifications or external enhancements; 4) consider running initial tests in a contained environment (VM or container) if you are unsure about the repository's provenance; and 5) note that optional features (iFinD, search providers, Feishu, Telegram) will cause network activity and require their own secrets.

Like a lobster shell, security has layers — review code before you run it.

latestvk97b6gjdz8nv62zv7ep3cca2p983zpdg

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

Binspython3
EnvOPENAI_API_KEY
Primary envOPENAI_API_KEY

Comments