ClawHub
Back to skill
v1.0.0

Portfolio Monitor | 投资组合监控

BenignClawScan verdict for this skill. Analyzed May 1, 2026, 8:35 AM.

Analysis

This is a coherent instruction-only portfolio monitoring skill, but users should notice that it handles sensitive portfolio information, may query external finance/news sources, and produces investment recommendations.

GuidanceThis skill appears safe to install as an instruction-only portfolio reporting aid. Before using it, decide what portfolio details you are comfortable sharing, confirm whether any weekly monitoring is scheduled, and independently verify any buy/sell or position-sizing advice.

Findings (3)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

Abnormal behavior control

Checks for instructions or behavior that redirect the agent, misuse tools, execute unexpected code, cascade across systems, exploit user trust, or continue outside the intended task.

Rogue Agents
SeverityInfoConfidenceHighStatusNote
SKILL.md
定期周报(每周一生成) ... 定期更新:每周至少更新一次 ... 发现风险信号要立即提醒

The skill describes recurring monitoring and alerts. This is disclosed and central to the skill's purpose, with no artifact evidence of hidden background code or persistence.

User impactThe agent may be expected to generate recurring reports or alerts if your environment supports scheduling.
RecommendationConfirm any schedule or reminder behavior before relying on it, and keep notifications/report generation under your control.
Human-Agent Trust Exploitation
SeverityLowConfidenceHighStatusNote
SKILL.md
操作建议 ... 考虑减仓 ... 考虑加仓 ... 💡 投资伙伴 J 的建议

The skill provides portfolio action suggestions and presents them in a trusted-advisor style. This is purpose-aligned, but financial recommendations should not be treated as guaranteed or professional advice.

User impactUsers could be influenced to make buy, hold, or sell decisions based on the agent's report.
RecommendationVerify recommendations with independent research or a qualified financial professional before making trades.
Sensitive data protection

Checks for exposed credentials, poisoned memory or context, unclear communication boundaries, or sensitive data that could leave the user's control.

Insecure Inter-Agent Communication
SeverityLowConfidenceHighStatusNote
SKILL.md
持仓数据:从用户提供的持仓清单获取 ... 股价数据:调用东方财富/新浪财经 API ... 新闻数据:监控新闻源、研报

The skill expects user-provided portfolio holdings and external finance/news data sources. This is aligned with the monitoring purpose, but it means sensitive holdings may be used in external lookups.

User impactYour portfolio details or stock symbols could be processed alongside third-party market/news sources.
RecommendationShare only the holdings information needed for analysis, and confirm which external data sources the agent will use.