Skill v1.0.0

ClawScan security

FinTech Risk Control Expert · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Benign
Mar 25, 2026, 7:25 AM
Verdict
benign
Confidence
high
Model
gpt-5-mini
Summary
This is an instruction-only FinTech/risk-modeling skill whose requested resources and runtime instructions are coherent with its stated purpose and show no disproportionate or suspicious requirements.
Guidance
This skill is instruction-only and coherent with its stated purpose, but before using it: (1) ensure the agent's runtime has the expected Python libraries (pandas, numpy, scikit-learn); (2) never feed sensitive production data unless you trust the execution environment — test on anonymized or sample data first; (3) review and/or run the provided code snippets in a sandbox because there are minor bugs (e.g., undefined numeric_cols) and you should validate that outputs meet your regulatory and business requirements; (4) if you expect the agent to run these snippets autonomously, confirm the agent does not have network or filesystem permissions you don't intend to allow.

Review Dimensions

Purpose & Capability
ok
The name/description (financial risk modeling, WOE/IV, decision trees, scoring) match the SKILL.md content. The skill's examples and functions (pandas, numpy, sklearn) are exactly what you'd expect for the described capabilities; there are no unrelated credentials, binaries, or config requirements.
Instruction Scope
ok
SKILL.md is an instruction-only document with Python snippets that operate on local CSV input, compute WOE/IV, build decision trees, and export rules. The instructions reference only data processing and ML tasks relevant to the stated purpose. Minor coding issues (e.g., numeric_cols is referenced but not defined) are implementation bugs rather than scope creep.
Install Mechanism
ok
No install spec and no code files; nothing is downloaded or installed by the skill. This minimizes persistence and external install risk. The runtime does assume a Python environment with pandas/numpy/sklearn available, but the skill does not attempt to install them.
Credentials
ok
The skill declares no environment variables, no credentials, and no config paths. That is proportionate for an instruction-only ML/risk-modeling helper that works on local data files.
Persistence & Privilege
ok
always is false and model invocation is not disabled (normal). The skill does not request permanent presence or system-level changes and does not modify other skills or system configuration.