Gold Monitor Skill

Security checks across malware telemetry and agentic risk

Overview

The skill appears to do what it says: query market prices and compute a gold/oil signal. The only notes raised are purpose-aligned ones about package installation, external data requests, and investment guidance.

This skill looks safe for its stated purpose. Before installing, be comfortable with installing the pinned Python packages, allowing read-only requests to external market-data providers, and treating the investment signals as informational rather than personalized advice.

VirusTotal

VirusTotal findings are pending for this skill version.


Risk analysis

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

ASI04: Agentic Supply Chain Vulnerabilities
Severity: Low
What this means

Installing the skill's dependencies may add or modify Python packages on the user's machine.

Why it was flagged

The skill requires installing third-party Python dependencies before use. This is expected for a market-data tool and the requirements are pinned, but it still changes the local Python environment.

Skill content
Before first use, install dependencies: pip install -r {{SKILL_DIR}}/requirements.txt
Recommendation

Install in a virtual environment and review the pinned dependencies if you have strict supply-chain requirements.

ASI02: Tool Misuse and Exploitation
Severity: Info
What this means

Using the skill contacts external financial data providers to retrieve quotes.

Why it was flagged

The skill discloses external market-data requests, and query.py uses fixed symbols rather than sending user files or credentials. The network access is purpose-aligned.

Skill content
This skill makes outbound HTTP requests to the following hosts only: hq.sinajs.cn ... akshare API endpoints ... No credentials or API keys are required. All requests are read-only.
Recommendation

Allow network access only if you are comfortable with those read-only data-provider requests.

ASI09: Human-Agent Trust Exploitation
Severity: Low
What this means

A user could rely on simplified signals when making financial decisions.

Why it was flagged

The skill intentionally presents rule-based gold/oil-ratio output as investment guidance. This is disclosed and purpose-aligned, but users may give it more weight than warranted.

Skill content
For GORATIO, highlight the `signal` and present `advice` as investment guidance.
Recommendation

Treat the output as general market information and verify with other sources before making investment decisions.