dcf-valuation

Advisory

Audited by Static analysis on May 8, 2026.

Overview

No suspicious patterns detected.

Findings (0)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

Installing and using the skill may cause the agent to execute the bundled Python calculator locally.

Why it was flagged

The skill instructs the agent to run an included local Python calculator. This is expected for a valuation tool and no suspicious static scan findings were reported, but it is still local code execution.

Skill content

Run `scripts/dcf_calc.py --method both` to calculate with both methods at once

Recommendation

Use the packaged version from a trusted source and review the script before running it if you have strict local-code-execution policies.

What this means

If a user installs via the documented GitHub path, their agent may load whatever code is present in that external repository at install time.

Why it was flagged

The README documents a manual external GitHub clone-and-copy install path. This is not an automatic install mechanism, but users who follow it rely on that repository's provenance.

Skill content

git clone https://github.com/ianzheng001/dcf-valuation-skill.git ... cp -r dcf-valuation-skill ~/.agents/skills/dcf ... openclaw gateway restart

Recommendation

Prefer the registry package or verify the GitHub repository, commit, and file contents before manually copying it into an agent skills directory.

What this means

If enabled, generated valuation reports could be copied to a Feishu cloud workspace rather than remaining only on the local machine.

Why it was flagged

The README mentions optional syncing of generated reports to Feishu cloud documents using a folder token. The supplied SKILL workflow does not show automatic cloud upload, but this is an external data boundary users should notice.

Skill content

Feishu integration: optional sync to Feishu cloud documents (requires configuring folder_token)

Recommendation

Only configure Feishu sync intentionally, confirm which folder is used, and ensure the Feishu workspace permissions are appropriate for the report contents.