Skill v2.1.0
ClawScan security
InvAssistant · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Benign · Apr 23, 2026, 4:56 AM
- Verdict
- benign
- Confidence
- high
- Model
- gpt-5-mini
- Summary
- InvAssistant's code, instructions, and required resources are consistent with a portfolio/signal-checker skill; requested access (config files, optional webhook secrets, Python runtime, network access to market/data endpoints) is proportional to its stated purpose.
- Guidance
- This skill appears to implement the trading-signal and portfolio-checking features it documents. Before installing: (1) Review the send_wecom/send_dingtalk/send_feishu scripts and only supply webhook URLs you control/trust — those endpoints will receive your portfolio data and any generated reports. (2) Keep invassistant-config.json and my_portfolio.json private (they may contain cost_basis, position sizes, and webhook secrets). (3) If you set INVASSISTANT_CONFIG, point it to a secure file; do not point it at system files. (4) Run it in an environment where you are comfortable with Python network access (it fetches data from Yahoo Finance and sends to configured webhooks). (5) If you plan to expose an outgoing webhook receiver to trigger checks from chat platforms, host that receiver securely (validate requests) as documented. If you want extra assurance, inspect the push adapter scripts locally to confirm they post only to configured webhooks and do not include hard-coded external endpoints.
Review Dimensions
- Purpose & Capability
- ok: Name/description match the code and runtime behavior: the repository contains a data fetcher (Yahoo Finance), engines for entry/exit logic, a portfolio checker, and push adapters for WeCom/DingTalk/Feishu. The only required binary is python3, and no unrelated credentials or platform SDKs are requested.
- Instruction Scope
- note: SKILL.md and the scripts instruct the agent to read/write local config files (invassistant-config.json / my_portfolio.json), fetch market data, run the Python checker, and optionally push reports to webhooks. That scope matches the purpose. Note: the skill is allowed to execute commands and write files (to create configs and save outputs) — this is expected but means the skill can modify files inside the skill workspace and will read any config path you set via INVASSISTANT_CONFIG.
- Install Mechanism
- ok: No custom install spec; dependency installation is standard Python via requirements.txt (requests, pandas). No downloads from arbitrary or opaque URLs were found.
- Credentials
- ok: No required environment variables are declared by the skill. Optional credentials are webhook URLs and secrets for the push adapters (WeCom/DingTalk/Feishu), stored in config or env vars as documented — these are appropriate for a push-capable reporting skill. There are no requests for unrelated secrets (cloud provider keys, SSH keys, etc.).
- Persistence & Privilege
- ok: `always` is false and the skill does not request elevated or permanent platform-wide privileges. It does not modify other skills. It may persist its own config and output files in the skill directory, which is normal for this functionality.
