Skill v1.0.0

ClawScan security

Sun Yuchen's stock selection model · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Suspicious (Mar 7, 2026, 1:37 PM)
Verdict
suspicious
Confidence
medium
Model
gpt-5-mini
Summary
The skill code and instructions match the stated purpose (generating A‑share sector reports from public sources), but there are a few coherence and operational risks you should understand before installing (notably an undeclared dependency on Node and child processes inheriting the agent environment).
Guidance
This skill appears to implement the described A‑share sector reporting workflow, but take these precautions before enabling it:
1) Ensure the agent environment has Node.js available (the skill does not declare 'node' but runs node scripts).
2) Review and, if needed, remove any sensitive environment variables from the runtime because generate_brief.js passes process.env to child scripts (child processes inherit the agent environment).
3) The scripts fetch public news/market APIs (EastMoney, Tavily optional, Reuters/Yahoo etc.); if you must limit external network access, run the skill in a sandbox or with egress controls.
4) The skill writes files under a .local directory in the skill folder; if disk writes are a concern, check where the skill is installed.
5) If you plan to supply TAVILY_API_KEY, verify the key's scope and treat it as secret.
If you want this to be fully coherent, ask the publisher to declare 'node' as a required binary and to avoid passing full process.env to child processes (or document why it's needed).

Review Dimensions

Purpose & Capability
note: The skill's name/description (A股板块研报、新闻抓取、映射, i.e. A-share sector research reports, news fetching, mapping) matches the included scripts: news fetchers, sector analysis, US mapping and a top-level generate_brief.js. However, the skill does not declare any required binaries while the SKILL.md and the code assume a Node.js runtime (scripts invoked via node). That undeclared runtime dependency is a coherence gap: an agent that cannot run node will fail or try alternate behaviors.
Instruction Scope
ok: SKILL.md explicitly instructs the agent to run local node scripts to fetch market/news data and produce markdown. The scripts only fetch public news and market APIs (Tavily optional, EastMoney, Reuters/Yahoo/CNBC etc.), build reports and write local .local JSON files. The instructions and code do not attempt to read unrelated system files or request unrelated credentials. They do spawn child processes (node scripts) as the designed workflow.
Install Mechanism
note: There is no install spec (instruction-only), which reduces install-time risk. But the packaged skill includes multiple Node scripts and expects node to be available. Absence of a declared 'node' required-binary is an inconsistency: the skill will not work as advertised without Node present.
Credentials
note: Declared environment access is minimal and optional (TAVILY_API_KEY). Implementation detail: generate_brief.js spawns other scripts with env: process.env, so child processes inherit the entire environment. While the code only uses TAVILY_API_KEY for an Authorization header, passing the full environment to networked child scripts means any sensitive env vars present in the agent runtime would also be available to those child processes. This is common but worth noting: remove sensitive env vars or run in a restricted environment if concerned.
Persistence & Privilege
ok: Skill is not 'always: true' and is user‑invocable. It writes output and caches to a .local directory inside the skill root (generate_brief creates .local). This is normal for a data-gathering/reporting skill and it does not modify other skills or agent configs.