Back to skill
Skillv1.0.0
ClawScan security
A股消息面分级解读 · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
BenignMar 15, 2026, 6:13 PM
- Verdict
- Benign
- Confidence
- high
- Model
- gpt-5-mini
- Summary
- This is an instruction-only, rule-based skill for classifying A‑share news items with no installs, no requested credentials, and its requirements match its stated purpose.
- Guidance
- This skill is internally consistent and only contains static heuristics for grading A‑share news, so it doesn't request secrets or install code. However: (1) the rules are high-level heuristics — they are not guarantees and can cause financial loss if followed blindly; (2) the SKILL.md has no provenance or data‑fetching instructions, so verify input sources (official filings, exchange notices) before relying on recommendations; (3) avoid granting trading/execution API keys to the agent unless you fully trust and log autonomous actions — combining this skill with an execution-enabled skill could lead to real trades; (4) consider backtesting these rules on historical data and adding source checks or confidence scoring before using them for live decisions.
Review Dimensions
- Purpose & Capability
- okName/description (A股消息面分级解读) match the SKILL.md: the file contains heuristics for grading news as 'real' or 'fake' positives and gives action suggestions. There are no unrelated env vars, binaries, or install steps requested.
- Instruction Scope
- okThe SKILL.md contains only trading heuristics and decision rules (classification tiers, checklist for subsidy announcements, stop/avoid rules). It does not instruct the agent to read arbitrary system files, access credentials, or transmit data to external endpoints.
- Install Mechanism
- okNo install spec and no code files — instruction-only skill. Nothing will be written to disk or downloaded by the skill itself.
- Credentials
- okThe skill declares no environment variables, credentials, or config paths. It does not ask for network tokens or unrelated secrets.
- Persistence & Privilege
- notealways is false and autonomous invocation is allowed by default. That is normal, but be aware: if this skill is combined with separate trading/execution skills that have API keys, the agent could act on its recommendations. The skill itself does not request persistence or elevated privileges.