ClawHub
Back to skill
v1.0.0

Financial Analyzer

BenignClawScan verdict for this skill. Analyzed May 1, 2026, 7:59 AM.

Analysis

The artifacts show a local financial-analysis helper with no evidenced network, credential, or destructive behavior, though users should notice the documented package install and in-memory analysis history.

GuidanceThis appears suitable as a local financial-analysis helper. Use a trusted Python environment for the optional package install, treat financial statement inputs as potentially sensitive, and independently verify investment or valuation outputs before relying on them.

Findings (2)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

Abnormal behavior control

Checks for instructions or behavior that redirect the agent, misuse tools, execute unexpected code, cascade across systems, exploit user trust, or continue outside the intended task.

Agentic Supply Chain Vulnerabilities
SeverityLowConfidenceHighStatusNote
SKILL.md
pip install numpy pandas

The documentation asks the user to install unpinned third-party Python packages. This is purpose-aligned for financial analysis tooling, but it relies on the user's Python package supply chain.

User impactIf the user runs the setup command, their environment will fetch packages from the Python package ecosystem.
RecommendationInstall in a virtual environment and use trusted package sources; pin versions if reproducibility matters.
Sensitive data protection

Checks for exposed credentials, poisoned memory or context, unclear communication boundaries, or sensitive data that could leave the user's control.

Memory and Context Poisoning
SeverityLowConfidenceHighStatusNote
financial_analyzer.py
self.history: List[Dict] = [] ... self.history.append(result)

The analyzer stores analysis results in memory for the lifetime of the object, which may include financial figures and generated summaries.

User impactPrior analyses may remain available in the same running process or object instance.
RecommendationAvoid entering highly confidential financial data unless appropriate, and create a new analyzer instance or clear history when separation between analyses is needed.