Skill v1.8.4
ClawScan security
InvestToday Finance Data · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Benign · Apr 24, 2026, 8:38 AM
- Verdict: Benign
- Confidence: medium
- Model: gpt-5-mini
- Summary: This instruction-only skill appears to be a documentation/CLI wrapper for the InvestToday finance API and is generally consistent with its stated purpose, but its origin is unknown, it requires a third-party Node package and may create local config files, so verify the package and what gets written before use.
- Guidance: What to check before installing or using this skill:
  - Verify the package: search for @investoday/investoday-api on npm (or its source repository). Review the package README, publisher, release history and any published code to ensure it is trustworthy.
  - Sandbox first: if you install the CLI, do so in an isolated environment (container or VM) and run `investoday-api init` to see what config files are created and where they are stored.
  - Credentials: do not enter sensitive credentials until you confirm how the CLI authenticates and where it stores tokens. The SKILL.md does not declare required API keys, but the CLI may prompt for them and save them locally.
  - Network behaviour: monitor outbound network traffic while exercising the CLI to confirm it only talks to expected API hosts (and not to personal servers or IPs).
  - Inspect for hidden characters: open SKILL.md and related files in a hex/clean text viewer to check for the reported unicode control characters.
  - If you require stronger assurance, ask the skill author for a homepage or source repo, or prefer a skill with a verifiable upstream (official domain or GitHub repo).
  - Given the unknown origin and third-party package dependency, these checks will reduce risk. If you are uncomfortable performing this review, avoid installing the package or run the skill only in a restricted sandbox.
- Findings:
  - [unicode-control-chars] unexpected: The pre-scan detected unicode control characters in SKILL.md (a prompt-injection pattern). This may be benign (odd whitespace/encoding) but could also be used to attempt injection/manipulation of parsers or human reviewers. Recommend opening the file in a plain text viewer and confirming there are no invisible instructions or maliciously crafted control characters.
Review Dimensions
- Purpose & Capability: [ok] The name/description (Chinese market financial data) matches the SKILL.md and the included reference documents: many endpoints for quotes, financials, announcements, funds, macro data, etc. The SKILL.md explicitly requires Node.js and the @investoday/investoday-api package and expects network access, which is proportional to calling a remote finance API/CLI.
- Instruction Scope: [ok] Runtime instructions are limited to using the investoday-api CLI (init, list, search-api, and calling endpoints). There are no instructions to read arbitrary host files, harvest unrelated environment variables, or send data to unknown external endpoints beyond the API/CLI. The SKILL.md does warn that `investoday-api init` may create or update local configuration files.
- Install Mechanism: [note] This is an instruction-only skill (no install spec). The SKILL.md requires the Node package @investoday/investoday-api but provides no automated install instructions in the registry. That means installing the package is a manual/agent-side step, which is lower platform risk, but you should review the npm package and its install/source before installing, since it will run code from a third party.
- Credentials: [note] No environment variables or credentials are declared in the registry, and the SKILL.md does not list API keys. However, the CLI may still require or prompt for API credentials and will create/update local config files. The absence of declared credentials is not necessarily malicious but is a gap: verify whether the API requires an API key or token and how those are stored.
- Persistence & Privilege: [ok] Policy flags are normal: always:false, user-invocable:true, autonomous invocation allowed by default. The only persistence concern is that the CLI may write local config files (noted in SKILL.md). There is no indication the skill modifies other skills or global agent configuration.
