test
ReviewAudited by ClawScan on May 10, 2026.
Overview
This instruction-only skill is coherent for generating AIME user behavior reports, but users should notice that it processes sensitive user logs/profile data and references local scripts/API fetching that were not included for review.
This skill appears benign for analyzing a specific AIME user Excel log. Before using it, confirm any referenced Python scripts and Ainvest API access are trusted and scoped, and protect the generated JSON/Markdown/Word reports because they may contain sensitive user behavior and investment-related information.
Findings (3)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If a user obtains these scripts from elsewhere, that code was not reviewed here and could have different behavior from the documentation.
The instructions reference local helper scripts, but the provided manifest says this is an instruction-only skill with only SKILL.md present. This is an incomplete review/provenance context rather than evidence of malicious behavior.
python3 scripts/analyze_user.py <user_id> <excel_file> <start_date> <end_date>
Only run separately supplied scripts after reviewing their source and confirming they come from a trusted location.
The skill may rely on access to Ainvest user/profile data beyond the Excel file if the API path is used.
The documented --skip-api option implies the default workflow may fetch Ainvest API data, but the metadata declares no credential or configuration requirements. This appears purpose-aligned, but the API authority and credential boundary are not described.
跳过 Ainvest API 数据获取(仅分析 Excel)
Use the Excel-only mode unless API access is necessary, and confirm any Ainvest credentials or tokens are scoped to the needed user data.
Generated reports may contain identifiable user behavior, investment interests, account-related attributes, and speculative demographic inferences.
The skill instructs generation of persistent files containing raw extracted conversation data, complete user questions, and inferred demographic attributes. This is central to the analytics purpose but is privacy-sensitive.
JSON数据文件 (`user_{user_id}_data.json`):原始提取的数据 ... 完整的用户问句列表 ... 推测性别 ... 推测年龄Store outputs in a protected location, avoid sharing raw reports unnecessarily, and consider redacting identifiers or speculative demographic fields when not needed.