Skill v1.0.0

ClawScan security

Stock Prediction · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Suspicious (scanned Mar 17, 2026, 9:04 AM)
Verdict: suspicious
Confidence: medium
Model: gpt-5-mini
Summary
The skill's actions (starting local services, running conda/Python, and writing files to a hardcoded Administrator Desktop path) are coherent with a local prediction workflow, but there are important gaps and Windows/global-local assumptions (missing OCR/image-processing code, hardcoded paths, and process-start behavior) that merit caution before installing or running it on a production machine.
Guidance
This skill will run local commands (conda activate, python main.py, batch_predict.py), start processes, call localhost:8000, and read/write files under C:\Users\Administrator\Desktop\kronos. Before installing or running it:
1) Verify where image OCR/stock-code-extraction is implemented (the provided scripts don't do OCR);
2) Inspect the backend code (main.py, batch_predict.py) that the skill will start — those files are not included here and could perform arbitrary actions;
3) Do not run on a production or sensitive host — test inside an isolated VM or sandbox first;
4) Update hardcoded paths and conda environment names to point to a non-privileged, known directory or use a dedicated user;
5) Ensure you trust the source (no homepage/unknown owner) and consider firewalling localhost:8000 or monitoring outbound connections while testing.
The package is coherent for a local workflow but missing components and hardcoded assumptions make it risky without further review.

Review Dimensions

Purpose & Capability
Status: note
The skill claims end-to-end image→prediction behavior and includes scripts to check/start a local backend, switch models, run batch predictions, and read result files. That broadly matches a local prediction workflow. However, the SKILL.md promises image stock-code extraction but none of the provided scripts perform OCR or image parsing — that functionality is missing from the bundle. The code is also tightly tied to a Windows Administrator Desktop path and a specific conda environment, which is a strong environmental assumption that may not match users' systems.

Instruction Scope
Status: note
Runtime instructions explicitly tell the agent to create folders under C:\Users\Administrator\Desktop\kronos, start/ensure a local service via localhost:8000, activate a conda env, run batch_predict.py, and read result files to send to the user. These actions stay within the claimed purpose (local prediction), but they require the agent to run local commands, spawn processes, and write files to a specific Administrator directory — operations that have real side effects and should not be executed on a machine you don't control or without verifying the backend code.

Install Mechanism
Status: ok
No install spec / no external downloads. The skill is instruction-first and ships three helper scripts. Nothing in the manifest downloads arbitrary code or uses third-party registries.

Credentials
Status: note
The skill requests no environment variables or external credentials, and makes only localhost HTTP calls. That is proportionate. However, it hardcodes sensitive-looking local paths (Administrator Desktop) and a conda environment name; these assumptions elevate risk if run with elevated privileges or on a multi-user host. Also, the skill will spawn processes (python main.py) and could run arbitrary code present in the local backend.

Persistence & Privilege
Status: ok
The skill does not request always:true and does not modify other skills or system-wide settings in the provided files. It does, however, start a local service process and launch commands while running, which is expected for a local workflow but is an action with privilege implications at runtime.