Skill v0.8.2

ClawScan security

Data Quality Audit · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Benign · Apr 20, 2026, 3:21 PM
Verdict: benign
Confidence: high
Model: gpt-5-mini
Summary
The skill's files, parser script, and runtime instructions are coherent with an independent cross-source audit purpose; it does not request unrelated credentials or perform unexpected installs.
Guidance
This skill appears to do what it says: parse provenance tables, re-fetch the same metrics from independent market sources, apply sanity rules, and write an audit report. Before running it:
1) Ensure the agent/environment has the appropriate MCP connectors and API keys (Tushare, FMP, web_fetch, etc.) and that those credentials are minimal-scope and trusted.
2) Only run the audit on deliverable directories you expect it to read: it parses files under that path and writes audit-report.md and audit-raw.json there.
3) Expect network calls to official market/data endpoints; check your platform's outbound rules if you need to restrict traffic.
4) Review the produced audit-report.md before sharing it externally (the report contains fetched financial data).
If you need stricter guarantees, inspect or limit which MCPs the agent may use, or run the audit in an isolated environment.
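The four guidance points above can be enforced mechanically around the agent run rather than left to operator discipline. The following harness is an added example, not code from the skill or from ClawHub: it confines the audit target to an approved root, records the deliverable directory before and after the run so that any file other than the two declared outputs (audit-report.md and audit-raw.json, names taken from the scan) is flagged, and checks candidate outbound URLs against an egress allow-list. The allow-listed host (`example-market-data.test`) and the simulated skill run inside `demo()` are constructed placeholders; substitute your real vendor hosts and wire the checks around the actual agent invocation.

```python
"""Pre-flight and post-run checks around the cross-source audit skill.

Hypothetical harness (not part of the skill or ClawHub). It encodes the scan
guidance: approved target directory, only the two declared output files,
and HTTPS egress limited to known market-data hosts.
"""
from __future__ import annotations

import hashlib
import os
import tempfile
from pathlib import Path
from urllib.parse import urlparse

# File names come from the scan; the containment logic around them is assumed.
REQUIRED_INPUT = "data-provenance.md"
EXPECTED_OUTPUTS = {"audit-report.md", "audit-raw.json"}


def resolve_deliverable(root: str | os.PathLike, deliverable: str | os.PathLike) -> Path:
    """Guidance 2, pre-run: the target must sit strictly under an approved root
    and contain the provenance table. Resolving first defeats '..' and symlink
    escapes such as <root>/../etc."""
    root_p = Path(root).resolve()
    target = Path(deliverable).resolve()
    if root_p not in target.parents:
        raise ValueError(f"{deliverable} is outside approved root {root}")
    if not (target / REQUIRED_INPUT).is_file():
        raise FileNotFoundError(f"{REQUIRED_INPUT} missing in {target}")
    return target


def snapshot(target: Path) -> dict[str, str]:
    """Relative path -> SHA-256 of content for every file under the target."""
    return {str(p.relative_to(target)): hashlib.sha256(p.read_bytes()).hexdigest()
            for p in target.rglob("*") if p.is_file()}


def unexpected_changes(before: dict[str, str], after: dict[str, str]) -> dict[str, set[str]]:
    """Guidance 2, post-run: anything created or modified that is not one of the
    two declared outputs, plus any deletion, is returned for human review."""
    created = {p for p in after if p not in before}
    modified = {p for p in after if p in before and before[p] != after[p]}
    deleted = {p for p in before if p not in after}
    return {
        "created": created - EXPECTED_OUTPUTS,
        "modified": modified - EXPECTED_OUTPUTS,
        "deleted": deleted,
    }


def egress_allowed(url: str, allowed_hosts: frozenset[str]) -> bool:
    """Guidance 3: permit only https to an allow-listed host or a subdomain of one."""
    u = urlparse(url)
    if u.scheme != "https" or not u.hostname:
        return False
    host = u.hostname.lower()
    return any(host == h or host.endswith("." + h) for h in allowed_hosts)


def demo() -> dict:
    """Constructed walk-through (no real skill is executed): builds a throwaway
    deliverable, simulates the skill writing its two outputs plus one stray
    file, tries a path escape, and screens three candidate URLs."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp) / "deliverables"
        d = root / "q1-report"
        d.mkdir(parents=True)
        (d / REQUIRED_INPUT).write_text("| metric | source | value |\n", encoding="utf-8")

        target = resolve_deliverable(root, d)
        before = snapshot(target)
        # Simulated skill run: declared outputs plus an undeclared extra file.
        (target / "audit-report.md").write_text("# Audit\n", encoding="utf-8")
        (target / "audit-raw.json").write_text("{}", encoding="utf-8")
        (target / "notes.txt").write_text("stray", encoding="utf-8")
        changes = unexpected_changes(before, snapshot(target))

        try:  # <root>/../etc resolves outside the approved root and must be rejected
            resolve_deliverable(root, root / ".." / "etc")
            escape_rejected = False
        except ValueError:
            escape_rejected = True

    hosts = frozenset({"example-market-data.test"})  # assumed placeholder host
    candidates = (
        "https://api.example-market-data.test/v1/quote",  # allowed subdomain, https
        "http://api.example-market-data.test/v1/quote",   # right host, plaintext
        "https://evil.example/upload",                    # unknown host
    )
    return {
        "changes": changes,
        "escape_rejected": escape_rejected,
        "egress": [egress_allowed(u, hosts) for u in candidates],
    }


if __name__ == "__main__":
    print(demo())
```

Content hashes rather than timestamps are used for the before/after comparison because an agent that rewrites a file with identical bytes is not a finding, while one that changes data-provenance.md in place is. The egress check is deliberately host-based and scheme-strict; it is a screening function for a proxy or MCP wrapper, not a substitute for platform-level outbound rules.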

Review Dimensions

Purpose & Capability
ok · The name and description match the provided SKILL.md, YAML rules, and the parser script: the skill parses a deliverable's data-provenance.md, re-fetches numbers from independent market connectors, applies sanity rules, and emits an audit report. It does not request unrelated environment variables or binaries. The only external dependency implied is access to the platform's MCP/web-fetch tools (expected for cross-source verification).
Instruction Scope
ok · SKILL.md explicitly instructs the agent to read <deliverable>/data-provenance.md, independently fetch values from other market sources, apply the rule set, write audit-report.md and audit-raw.json, and return a verdict. Those file reads and writes are coherent with the stated audit purpose. There are no instructions to read unrelated system files, to exfiltrate deliverable contents to unknown endpoints, or to access environment variables beyond what MCP fetchers may require.
Install Mechanism
ok · No install spec; this is instruction-only with one small helper script (a deterministic markdown parser). Nothing is downloaded or written to system paths by an installer. Risk from the install mechanism is minimal.
Credentials
note · The skill declares no required env vars or credentials, which is proportionate. Note: real cross-source fetches (Tushare, FMP, vendor MCPs) typically require API keys or access configured on the agent platform; SKILL.md assumes those MCP tools and credentials exist but does not request them. This is reasonable, but it means the agent executing the skill must already hold the necessary credentials (scope them appropriately).
Persistence & Privilege
ok · always:false and default model-invocation settings are normal. The skill does not request permanent presence or modify other skills. It reads and writes files inside the target deliverable directory only, which matches its purpose.