Data Hub
Review
Audited by ClawScan on May 10, 2026.
Overview
The skill mostly matches its in-memory data-sharing purpose, but its trading-risk write permissions rely only on caller-supplied agent names.
Use this only behind a trusted orchestrator that authenticates which agent is writing each namespace. Do not let arbitrary users or agents choose agent_id values, review risk_audit updates before they affect trading, and store optional snapshots only in a safe dedicated path.
Findings (3)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
A compromised or misdirected agent could write market, intelligence, or risk-control data under another agent's name, potentially affecting downstream trading decisions.
Write authorization is enforced by comparing a caller-supplied string to an expected role name. The artifacts do not show binding to a platform-authenticated agent identity, so a caller that can choose agent_id could impersonate roles such as Guard_Agent or Default_Orchestrator.
async def push_data(self, agent_id: str, category: str, key: str, data: dict) -> dict:
    ...
    expected_agent = WRITE_PERMISSIONS[category]
    if agent_id != expected_agent:
        return {"success": False, "error": format_permission_error(agent_id, category)}
Bind namespace permissions to authenticated platform identities or capability tokens, not self-reported strings; restrict who can invoke write methods and audit risk_audit changes.
Bad data in the hub can be reused by multiple agents and may shape later analysis or trading recommendations.
The skill intentionally creates shared memory that any agent can summarize. This is core to the purpose, but downstream agents may over-trust stale, incorrect, or adversarially inserted shared context.
- Any Agent can call `get_summary()` to obtain a global data snapshot
`self._memory` uses a three-level tree structure: `category → key → value`
Treat hub data as untrusted input, preserve timestamps and authorship, verify important values before trading actions, and avoid exposing the global summary to agents that do not need it.
If snapshot_path is misconfigured, the skill could overwrite a user-writable file or store risk data somewhere unexpected.
The optional risk-audit snapshot writes JSON to a caller-supplied local path. This is purpose-aligned with the documented snapshot feature, but the path is not constrained to an application-specific directory.
def save_snapshot(data: dict, path: str) -> str | None:
    try:
        with open(path, "w", encoding="utf-8") as f:
            json.dump(data, f, ensure_ascii=False, indent=2)
Configure snapshot_path only under a dedicated data directory, avoid sensitive or shared locations, and consider adding path allowlisting or safe-create behavior.
