Skill v1.0.0
ClawScan security
Financial Ratio Benchmarker · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Benign · Apr 19, 2026, 5:18 AM
- Verdict: benign
- Confidence: high
- Model: gpt-5-mini
- Summary: The skill's code, declared requirements, and runtime instructions are consistent with a descriptive financial benchmarking utility; nothing requests unrelated credentials or network access, though there are minor documentation/code mismatches to be aware of.
- Guidance: This skill appears to do what it says: local text parsing and returning structured JSON recommendations without contacting external services or requiring credentials. Two practical points before installing: (1) The documentation's phrase 'No real code execution' is misleading — the skill contains executable Python (handler.py) that will run locally when invoked; this is normal for a code-backed skill but not 'no code'. (2) The skill reflects portions of user input (input_preview, extracted amounts) in its output. Do not paste secrets, full account numbers, or confidential documents into prompts because those values may be echoed in responses. If you need absolute assurance that no code will run, ask the author to provide a pure-SKILL.md (instruction-only) version or a signed review; otherwise this package is coherent and low-risk.
Review Dimensions
- Purpose & Capability (note): Name/description match the implemented behavior: a descriptive financial-ratio benchmarking helper that analyzes user text and returns structured recommendations. The code implements parsing, simple heuristics, and JSON output, which is appropriate. Minor mismatch: SKILL.md and ACCEPTANCE.md emphasize 'No code execution' and 'No real code execution', yet the skill ships with an executable handler.py (pure-Python) that will run when the skill is invoked — likely the authors meant 'no external commands or API calls', but the prose could mislead non-technical users.
- Instruction Scope (note): SKILL.md instructs the agent not to make external calls; the handler.py code follows that: there are no network calls, no filesystem reads/writes beyond standard input, and no environment or config access. One thing to note: the handler reflects parts of user input back in outputs (input_preview and extracted numeric amounts). That is expected for this skill's function but means secrets pasted into the prompt would appear in skill output.
- Install Mechanism (ok): No install spec and no third-party packages or downloads are required. This is low-risk: the skill is instruction-only plus included Python source that runs in-process when invoked.
- Credentials (ok): The skill declares no required environment variables, no credentials, and no config paths. The implementation does not read env vars or external credentials. The requested permissions are proportionate to the described purpose.
- Persistence & Privilege (ok): always:false and the skill does not request persistent/system-wide configuration changes. It does not modify other skills or system settings. Autonomous invocation is allowed by platform default but is not combined with any unusual privileges here.
