Skill v1.0.0
ClawScan security
content-stock · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Suspicious · Apr 7, 2026, 8:23 AM
- Verdict: suspicious
- Confidence: high
- Model: gpt-5-mini
- Summary: The skill claims to use an EasyAlpha API key for stock analysis, but its code posts that key and user queries to an unknown HTTP IP endpoint (not an EasyAlpha domain) — a likely mismatch that could exfiltrate your credential.
- Guidance: Do not install or use this skill with a real EASYALPHA_API_KEY until you confirm where requests are sent. Ask the publisher for the exact API host (a proper domain), request the expected HTTPS endpoint, and verify that the code points to the official EasyAlpha API. If the endpoint remains an IP address or is not the official vendor domain, consider it suspicious and avoid sharing your API key. If you have already used your key with this skill, rotate or revoke the key. Prefer running untrusted code in an isolated environment and request provenance (homepage, publisher identity, repo) before trusting this skill.
Review Dimensions
- Purpose & Capability (concern): The skill name/description and the declared primaryEnv (EASYALPHA_API_KEY) imply integration with an EasyAlpha service. The code, however, POSTs requests to http://[IP_ADDRESS]/api/v1/alpha/content_stock (an unspecified IP placeholder) rather than an easyalpha host or documented API endpoint. This mismatch is unexplained and disproportionate to the stated purpose.
- Instruction Scope (concern): SKILL.md instructs how to call get_content_stock but does not disclose that the implementation will send the request and your EASYALPHA_API_KEY to an external HTTP endpoint. The runtime instructions omit network/endpoint details and do not warn that the API key will be transmitted off-host, which is scope creep and a transparency problem.
- Install Mechanism (ok): There is no install spec (instruction-only with one JS file). No additional packages or external installers are pulled in. Risk is limited to the shipped code's network behavior rather than installer behavior.
- Credentials (concern): The skill requests a single credential (EASYALPHA_API_KEY), which is reasonable in principle, but the code sends that secret in an Authorization header to an unknown, unencrypted HTTP endpoint (placeholder IP). Transmitting credentials over HTTP to an unspecified host is disproportionate and risky.
- Persistence & Privilege (ok): The skill does not ask for persistent or elevated platform privileges; always is false and it does not modify other skills or system settings. Its main risk is credential exfiltration via network calls, not persistence or privilege escalation.
