Skill v1.0.0

ClawScan security

Financial Fraud Analyzer · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Suspicious · Apr 30, 2026, 7:32 AM
Verdict
suspicious
Confidence
medium
Model
gpt-5-mini
Summary
The skill's code and runtime instructions broadly match its stated purpose (financial fraud screening), but there are internal inconsistencies and sensitive items (hard-coded API keys/tokens, undeclared config usage, many network fetchers) that warrant caution before installing or running it.
Guidance
This skill appears to implement the described fraud-detection models and data pipelines, but proceed with caution:
- Do not trust the embedded API keys/tokens. Remove or rotate any hard-coded keys (config.json and TUSHARE_TOKEN) before using the skill; treat them as leaked credentials. Store your own keys in environment variables or a secrets manager and update the code to read them from a documented location.
- Expect outbound network activity to several third-party services (AlphaVantage, Tushare, yfinance, Eastmoney, AkShare, SEC EDGAR). If you need to restrict network access, run the skill in a sandbox or isolated environment first.
- Inspect the crawler/fetcher scripts (eastmoney_crawler, eastmoney_fetcher, fetch_and_analyze) for endpoints, rate limiting, and any data-posting behavior. Confirm that your use complies with the target services' terms of service and local law.
- Review where data is written (tmp/*.json) and how sensitive analysis outputs are stored or logged. If working with confidential data, ensure outputs are handled securely.
- Because the skill's origin is 'unknown', verify licensing and maintainers, and review the code for telemetry or hidden endpoints before granting broad privileges or running it on production systems.
If you want to proceed, run it in a disposable environment, replace embedded credentials with your own managed keys, and audit network calls and third-party requests first.
Findings
[hardcoded_alpha_vantage_key_in_config.json] expected: A configured Alpha Vantage API key ('alpha_vantage_api_key' in config.json) is relevant to a data-fetching fraud analyzer, but embedding an API key in repo config.json is a poor security practice and may be a leaked/over-shared secret.
[hardcoded_tushare_token_in_source] expected: core/data/sources/tushare_hk_source.py contains a literal TUSHARE_TOKEN string. Tushare access is relevant, but hard-coded tokens in source are unexpected — the SKILL.md and metadata do not declare required credentials or config paths.
[network_api_calls_and_web_crawling] expected: The code uses requests, yfinance, tushare, AkShare, and includes eastmoney crawler/fetcher scripts and SEC EDGAR fetching. External network access is expected for data collection, but users should be aware the skill will contact multiple third-party endpoints and write fetched data locally.
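The Guidance and Findings above amount to an audit a practitioner can run before executing anything: look for credential-looking values in JSON config and in Python source, and enumerate the hosts and network libraries the code reaches for. The script below is an added example of that audit; it is not ClawHub's scanner and not the skill's own code. The regex patterns are assumptions about how such secrets and endpoints usually look, and the sample tree it builds is constructed here with dummy key and token values that are not taken from the real skill.

```python
"""Pre-install audit of a skill's source tree: flag hard-coded credentials and
enumerate its outbound network surface before anything is executed.
Added example, not ClawHub's scanner or the skill's own code. The patterns
below are assumptions about how such secrets and endpoints usually look."""
import json
import re
import tempfile
from pathlib import Path

# Config keys that usually carry credentials (matched case-insensitively).
SECRET_KEY_RE = re.compile(r"(api[_-]?key|token|secret|password)", re.I)
# Placeholders that mean "fill me in" rather than a live value.
PLACEHOLDERS = {"", "your_api_key", "your_token", "changeme", "<token>", "<api_key>"}
# A string literal of 8+ chars assigned to an ALL_CAPS name ending in TOKEN/KEY/...
PY_SECRET_ASSIGN_RE = re.compile(
    r"^\s*([A-Z][A-Z0-9_]*(?:TOKEN|KEY|SECRET|PASSWORD))\s*=\s*['\"]([^'\"]{8,})['\"]",
    re.M)
# Hosts named in URL literals, and imports of libraries that talk to the network.
URL_RE = re.compile(r"https?://([A-Za-z0-9.-]+)")
NET_IMPORT_RE = re.compile(
    r"^\s*(?:import|from)\s+(requests|urllib|httpx|aiohttp|yfinance|tushare|akshare)\b",
    re.M)


def scan_json_config(path: Path) -> list:
    """Flag secret-looking keys in a JSON config whose value is not a placeholder."""
    try:
        data = json.loads(path.read_text(encoding="utf-8"))
    except (ValueError, UnicodeDecodeError):
        return []
    found = []

    def walk(node, prefix=""):
        if isinstance(node, dict):
            for k, v in node.items():
                walk(v, f"{prefix}{k}.")
        elif isinstance(node, str):
            key = prefix.rstrip(".")
            if SECRET_KEY_RE.search(key) and node.strip().lower() not in PLACEHOLDERS:
                found.append({"file": path.name, "kind": "config_secret", "name": key})

    walk(data)
    return found


def scan_python(path: Path):
    """Return (secret findings, hosts, network libs) for one Python source file."""
    text = path.read_text(encoding="utf-8", errors="replace")
    secrets = [{"file": path.name, "kind": "source_secret", "name": m.group(1)}
               for m in PY_SECRET_ASSIGN_RE.finditer(text)]
    return secrets, set(URL_RE.findall(text)), set(NET_IMPORT_RE.findall(text))


def audit_tree(root) -> dict:
    """Walk the tree; .json files are checked as config, .py files as source."""
    report = {"secrets": [], "hosts": set(), "net_libs": set(), "files": 0}
    for p in Path(root).rglob("*"):
        if not p.is_file():
            continue
        report["files"] += 1
        if p.suffix == ".json":
            report["secrets"] += scan_json_config(p)
        elif p.suffix == ".py":
            secrets, hosts, libs = scan_python(p)
            report["secrets"] += secrets
            report["hosts"] |= hosts
            report["net_libs"] |= libs
    report["hosts"] = sorted(report["hosts"])
    report["net_libs"] = sorted(report["net_libs"])
    report["secrets"].sort(key=lambda f: (f["file"], f["name"]))
    return report


# Constructed sample tree mirroring the shapes the verdict describes; the key
# and token values are dummies, not anything from the real skill.
SAMPLE_FILES = {
    "config.json": '{"alpha_vantage_api_key": "DEMOKEY0123456789", "data_dir": "tmp"}',
    "config.example.json": '{"alpha_vantage_api_key": "YOUR_API_KEY"}',
    "core/data/sources/tushare_hk_source.py": (
        "import tushare as ts\n"
        'TOKEN_ENV_VAR = "TUSHARE_TOKEN"\n'
        'TUSHARE_TOKEN = "0123456789abcdef0123456789abcdef"\n'
        "ts.set_token(TUSHARE_TOKEN)\n"),
    "scripts/fetch_and_analyze.py": (
        "import json\nimport requests\n"
        'BASE = "https://www.alphavantage.co/query"\n'
        "def fetch(symbol, key):\n"
        '    return requests.get(BASE, params={"symbol": symbol, "apikey": key}, timeout=30).json()\n'),
    "scripts/edgar.py": (
        "from urllib.request import urlopen\n"
        'INDEX = "https://www.sec.gov/cgi-bin/browse-edgar"\n'),
}


def build_sample_tree() -> str:
    """Write SAMPLE_FILES under a fresh temp dir and return its path."""
    root = Path(tempfile.mkdtemp(prefix="skill_audit_"))
    for rel, body in SAMPLE_FILES.items():
        (root / rel).parent.mkdir(parents=True, exist_ok=True)
        (root / rel).write_text(body, encoding="utf-8")
    return str(root)


if __name__ == "__main__":
    r = audit_tree(build_sample_tree())
    for f in r["secrets"]:
        print(f"SECRET  {f['kind']:14} {f['file']}: {f['name']}")
    print("hosts   ", ", ".join(r["hosts"]))
    print("net libs", ", ".join(r["net_libs"]))
```

Run it against the unpacked skill directory instead of the sample tree (`audit_tree("/path/to/skill")`) and compare the host list with what SKILL.md declares; any host or library that is not mentioned there is the transparency gap the verdict is describing. The placeholder list keeps `config.example.json`-style templates from being reported, so only values that look live are flagged; a flagged value is a reason to rotate, whatever its origin.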

Review Dimensions

Purpose & Capability
note: Name, description, SKILL.md, and the many analysis scripts/models (Beneish, Dechow, trend analysis, red-flag scanners) are coherent for a fraud-analysis tool; the included data-source modules (AlphaVantage, Tushare, yfinance, AkShare, Eastmoney, SEC EDGAR fetchers) are relevant for collecting financial filings. However, the skill metadata declares no required env vars or credentials while the repository contains embedded API credentials/config (config.json alpha_vantage_api_key and a hard-coded TUSHARE_TOKEN). That mismatch (declared requirements: none vs. embedded secrets in files) is inconsistent and unexpected.
Instruction Scope
concern: SKILL.md tells the agent to run multiple Python scripts that automatically fetch data (including 'python scripts/fetch_and_analyze.py' and SEC EDGAR auto-fetching) and to produce reports. The instructions do not disclose that the scripts read config.json, use embedded API keys/tokens, write numerous tmp/*.json files, and perform web crawling (eastmoney_crawler/eastmoney_fetcher). The runtime scope is broader than the SKILL.md's declared inputs: it will access remote services, create local files, and depend on tokens not listed in 'requires.env'.
Install Mechanism
note: There is no external install spec or remote download; the skill is delivered as a large codebase (many Python scripts and data files). That avoids arbitrary remote downloads, but it does mean a lot of code will be placed on disk when the skill is installed. No install-time downloads from suspicious URLs were found in the provided manifest.
Credentials
concern: Although the skill declares no required environment variables or primary credentials, the repository contains hard-coded credentials and config: config.json contains an alpha_vantage_api_key value and core/data/sources/tushare_hk_source.py contains a TUSHARE_TOKEN string. These are sensitive and should not be embedded. The code also uses networked libraries (requests, yfinance, tushare, AkShare) and will perform external API calls; the SKILL.md does not declare that user-provided credentials are needed or that the included keys will be used, creating a proportionality/transparency gap.
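The remediation this dimension points at is to replace the literal with a lookup from a documented location that fails closed when nothing is configured. The block below is an added example of that pattern, not the skill's own code; it assumes the tushare module can be changed to call `ts.set_token(load_secret("TUSHARE_TOKEN"))` (tushare's real `set_token` entry point) and that the Alpha Vantage key gets the same treatment under a name such as `ALPHA_VANTAGE_API_KEY`. The token values in `demo()` are constructed dummies.

```python
"""Replacing an embedded credential with a documented, fail-closed lookup.
Added example, not the skill's own code. Assumes the skill can be changed to
read TUSHARE_TOKEN (and the Alpha Vantage key) from the environment or from a
mode-0600 file in a secrets directory."""
import os
import stat
import tempfile
from pathlib import Path


class MissingSecret(RuntimeError):
    """No usable credential found; callers must not fall back to a literal."""


def redact(secret: str) -> str:
    """Loggable form of a credential: never more than its last four characters."""
    if len(secret) <= 8:
        return "****"
    return "*" * (len(secret) - 4) + secret[-4:]


def load_secret(name: str, secrets_dir=None, env=None) -> str:
    """Return credential `name` from the environment, else from <secrets_dir>/<name>.

    This order and these locations are the contract a SKILL.md should state.
    A secrets file readable by group or others is refused rather than used,
    because a world-readable token is no better than a hard-coded one.
    """
    env = os.environ if env is None else env
    value = (env.get(name) or "").strip()
    if value:
        return value
    if secrets_dir is not None:
        path = Path(secrets_dir) / name
        if path.is_file():
            mode = stat.S_IMODE(path.stat().st_mode)
            if mode & (stat.S_IRWXG | stat.S_IRWXO):
                raise MissingSecret(
                    f"{path} has mode {mode:o}; must not be readable by group/others")
            value = path.read_text().strip()
            if value:
                return value
    raise MissingSecret(
        f"{name} is not set; export it or write it to {secrets_dir}/{name} with mode 0600")


def demo() -> dict:
    """Exercise each path with constructed dummy values; returns the outcomes."""
    out = {}
    # 1. The environment variable wins when present (whitespace is stripped).
    out["env"] = load_secret(
        "TUSHARE_TOKEN", env={"TUSHARE_TOKEN": " 0123456789abcdef0123456789abcdef "})
    with tempfile.TemporaryDirectory() as d:
        token_file = Path(d) / "TUSHARE_TOKEN"
        token_file.write_text("fedcba9876543210fedcba9876543210\n")
        # 2. A private (0600) secrets file is accepted when the variable is unset.
        token_file.chmod(0o600)
        out["file_0600"] = load_secret("TUSHARE_TOKEN", secrets_dir=d, env={})
        # 3. The same file with group/other read bits is refused.
        token_file.chmod(0o644)
        try:
            load_secret("TUSHARE_TOKEN", secrets_dir=d, env={})
            out["file_0644"] = "accepted"
        except MissingSecret:
            out["file_0644"] = "refused"
    # 4. Nothing configured: fail closed instead of silently using a literal.
    try:
        load_secret("ALPHA_VANTAGE_API_KEY", env={})
        out["missing"] = "accepted"
    except MissingSecret:
        out["missing"] = "refused"
    out["redacted"] = redact(out["env"])
    return out


if __name__ == "__main__":
    # Assumed call site after the change: ts.set_token(load_secret("TUSHARE_TOKEN"))
    for key, result in demo().items():
        print(f"{key:10} {result}")
```

The point of `demo()` case 4 is the behaviour the scanner could not observe: with the literal gone, a missing credential is an error at startup rather than a silent fallback to someone else's key, and `redact()` is what any log line or report should carry if it needs to identify which key was used.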
Persistence & Privilege
ok: The skill does not request 'always: true' and does not claim system-level modifications. It writes outputs and tmp files within its own workspace and uses standard CLI scripts. There is no evidence it modifies other skills or system-wide agent config.