Skillv0.1.6

ClawScan security

BeerGaao · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

SuspiciousApr 30, 2026, 8:49 AM

Verdict: suspicious
Confidence: medium
Model: gpt-5-mini
Summary: The package appears to implement an A‑share quant tool that matches its description, but the registry metadata/manifest claims (no env vars, instruction-only, no install) conflict with the included code, install instructions, and a required TUSHARE_TOKEN — this mismatch and the need to run code that persists data/networks warrants caution.
Guidance: Summary of what to check before installing: - Metadata inconsistency: the registry header said 'instruction-only' and 'no required env vars', but the package contains many Python files and explicitly requires a TUSHARE_TOKEN and pip installation. Treat that as a packaging/metadata integrity issue — confirm the source repo and author before trusting the package. - Source verification: review the GitHub repository (https://github.com/GanJiaKouN16/BeerGaao.git) yourself. If the repository is unavailable or unfamiliar, do not install. - Inspect network code: review stock_skill/providers/providers.py and any code that calls external endpoints to ensure requests go only to the declared endpoints (api.tushare.pro, push2.eastmoney.com) and not to unknown hosts. - Run in isolation: install and run only inside a disposable virtual environment or container. The package will create a local SQLite DB and write models/; ensure these files are stored where you expect and that config.env (which may contain tokens) is protected. - Secrets handling: provide TUSHARE_TOKEN via environment variable rather than committing it to config.env in the repo. If you must use config.env, store it securely and avoid checking it into version control. - Code review for serialization: the manifest claims joblib (pickle removed). Still, review any model save/load code to confirm no unsafe pickle usage. - Tests and behavior: run the included tests in an isolated environment to observe network calls and file writes before trusting it with real credentials or production data. If you want, I can: - point to specific files to inspect (e.g., providers/providers.py, config.py, any network helpers), - list network calls found in the code (if you provide the trimmed provider file contents), or - extract and summarize the env‑var usages and exact file paths the package will read/write.

Review Dimensions

Purpose & Capability: noteThe codebase (backtest engine, strategies, providers, persistence, ML models) directly supports the stated A‑share quant analysis purpose. Declared external services (Tushare, EastMoney) and SQLite/models storage are expected. No unrelated cloud credentials or unrelated binaries are requested by the code.
Instruction Scope: concernSKILL.md and the code instruct the agent/user to install and run a full Python package, call network APIs (Tushare/EastMoney), persist signals/models to a local SQLite DB and models/ folder, and load env/config files. That behavior is consistent with a quant tool but the runtime instructions access environment/config files (config.env) and persist data — which is expected but should be noted. There is no instruction to read unrelated system secrets, but the skill will read environment variables and a repository-local config.env.
Install Mechanism: noteThe repository contains a pip-based install_spec (pip install -e .) and requirements.txt with typical ML/finance packages. That is proportional for the stated functionality. However, registry metadata earlier indicated 'no install spec / instruction-only' which contradicts the included install instructions and package metadata — an inconsistency to verify. No suspicious external download URLs were observed in the provided manifest.
Credentials: concernThe code expects a TUSHARE_TOKEN and numerous optional configuration env vars (DB_PATH, COMMISSION_RATE, etc.), which are appropriate for the tool. The problem is the registry summary near the top listed 'Required env vars: none' while skill.json and SKILL.md require TUSHARE_TOKEN — this mismatch is a red flag in metadata integrity. No unrelated high‑privilege credentials are requested by the code.
Persistence & Privilege: noteThe package persists signal history and models to local storage (SQLite DB and models/), which is expected for this application. always:false and normal autonomous invocation are used. The skill does not request permanent platform-wide privileges or attempt to modify other skills' configs in the provided files.