ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

A Share Glossary Tutor

v1.0.0

A股/炒股新手概念与指标的结构化讲解与笔记沉淀。用在:解释PE/PB/ROE/现金流/财报口径、板块与题材、政策术语;把零散问题整理成可复习的知识体系(中文优先)。

0· 377·2 current·2 all-time
by@joifg
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name, description, and required behavior align: the skill's goal is to explain stock concepts and collate notes. The only external effect (appending to notes/stocks/glossary.md) is consistent with the stated purpose of '笔记沉淀' (note persistence).
Instruction Scope
SKILL.md is narrowly scoped to formatting explanations and appending them to notes/stocks/glossary.md with deduplication/grouping. This is appropriate for a tutor, but the instructions do cause persistent writes to the agent workspace; users should be aware the skill will modify a file in the environment. The skill does not instruct network calls or reading unrelated system files, and it does not request secrets.
Install Mechanism
No install spec or code files are present (instruction-only), so nothing will be downloaded or written during installation—lowest-risk model for installs.
Credentials
No environment variables, credentials, or external service keys are requested. The skill's needs (generating content and writing a local note) are proportional to its purpose.
Persistence & Privilege
The skill will append structured content to notes/stocks/glossary.md in the agent workspace. It is not always-included and does not request elevated privileges, but it does create persistent data in the workspace which you may want to review, relocate, or restrict access to.
Assessment
This skill appears coherent and low-risk: it generates explanations and appends them to notes/stocks/glossary.md locally and does not ask for credentials or install software. Before enabling: (1) confirm you are comfortable with the agent writing to notes/stocks/glossary.md (move or rename the path if you prefer another location); (2) review any appended notes for accuracy—the skill explicitly avoids giving buy/sell advice but may still be incorrect; (3) in multi-user or shared environments, consider file permissions or a private folder to avoid exposing appended notes; (4) if you pass links as context, the skill’s instructions do not say it will fetch external content automatically—assume it will not unless you see additional code or network instructions.

Like a lobster shell, security has layers — review code before you run it.

latestvk976vfg6gj9f1hdpdx32m73055825473

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

📚 Clawdis

Comments