Security Portfolio Risk
PassAudited by ClawScan on May 11, 2026.
Overview
The provided artifacts look like a benign instruction-only financial risk-analysis skill, with only minor provenance and version metadata issues to notice.
This appears safe to install from a security perspective based on the provided artifacts. Treat its portfolio analysis as decision support rather than guaranteed financial advice, validate assumptions and data independently, and note that the source/provenance information is limited.
Findings (1)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
You cannot easily verify the upstream source or confirm that the in-file version matches the registry release, although the provided artifact does not contain runnable code.
The skill has no executable code or install script, but its external provenance is not supplied and the registry/frontmatter versions differ, so users have less context to verify the published release.
metadata: "Source: unknown"; "Homepage: none"; "Version: 2.0.0"; SKILL.md frontmatter: "version: 1.0.0"
Use it as an instruction-only aid and prefer clearer source and version provenance before relying on it in production financial workflows.