Skill v1.0.9

ClawScan security

A Stock Trading Signals · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Review: Mar 14, 2026, 4:36 PM
Verdict: Review
Confidence: medium
Model: gpt-5-mini
Summary
The skill's stated purpose (delivering paid trading signals via a backend API) is broadly consistent with its files, but there are implementation and declaration mismatches and a financial risk (on-chain payment) that you should understand before installing.
Guidance
This skill is generally coherent for a paid trading-signal API, but evaluate these things before installing:

1) Endpoint and implementation mismatches — SKILL.md, skill.json and api.py disagree on paths (/s vs /signals and listed endpoints). Ask the author to clarify which endpoint the agent should call.
2) Payment risk — the skill expects an x402 on-chain payment (0.01 USDC to the listed wallet). The included api.py does not actually enforce payment (it bypasses verification in testing mode), but the remote service could require/charge payment outside this bundle. Do not sign or send crypto unless you trust the endpoint and understand the payment flow.
3) Source provenance — there is no homepage or reputable owner listed; prefer skills hosted from a verifiable repo or vendor.
4) If you plan to let the agent call the endpoint autonomously, limit or review calls to avoid unintended payments.
5) If you need assurance, request that the maintainer: a) align docs/manifests with routes, b) provide a public repo or audit trail, and c) document the exact x402 flow and what data is transmitted.

If any of these are unresolved, treat the skill as higher-risk and do not use it for automated trades or with real funds.

Review Dimensions

Purpose & Capability
note: The skill claims to fetch A-share/HK-stock trading signals from a backend API and charge 0.01 USDC via the x402 protocol; the code, SKILL.md and manifests consistently reference a remote endpoint and a recipient wallet, so the requested capabilities match the stated purpose. Minor inconsistencies: skill.json lists endpoints (/s, /v, /n) while api.py exposes /signals and /health; SKILL.md points at /s but api.py implements /signals. This mismatch could be a configuration bug or documentation drift.
Instruction Scope
concern: SKILL.md instructs the agent to call an external API and perform an x402 payment challenge. That is within the skill's purpose but is a financial action: the agent will contact an external service (unknown third party) that may expect on-chain payment. The runtime instructions are vague about how the payment is to be performed and do not limit what the agent should send as context. The included api.py also skips real payment verification (verify_x402_payment returns True or is bypassed if x402 is not installed), so the promised paywall is not enforced in the code bundle — this discrepancy is important for users to know.
Install Mechanism
ok: No install spec is provided (instruction-only install), so nothing is automatically downloaded from arbitrary URLs. The package files include Python code and a manifest that lists dependencies (fastapi, uvicorn, x402), which are ordinary packages; there is no evidence of obscure download URLs or archive extraction in the skill bundle.
Credentials
ok: The skill requests no environment variables or secrets. It does include a hard-coded recipient wallet and payment parameters but does not ask for the user's private keys or API keys. No unrelated credentials are requested.
Persistence & Privilege
ok: The skill is not marked always:true and does not request elevated persistent privileges or attempt to modify other skills or global agent config. Agent autonomy is allowed by default (disable-model-invocation is false), which is normal; combined with an external payment requirement this increases financial risk but does not itself indicate elevated system privilege.