Skill v1.0.0

ClawScan security

price-tracker · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Suspicious · Apr 21, 2026, 8:39 AM
Verdict
suspicious
Confidence
medium
Model
gpt-5-mini
Summary
The skill's code and instructions largely match the stated price-tracking purpose, but there are important mismatches (fabricated 'historical' data, undeclared runtime dependency, and reliance on a third‑party aggregator) that warrant caution before installing or trusting results.
Guidance
This package is mostly coherent for price searching and arbitrage calculations, but consider these before installing:

- Trust boundary: the skill routes all search and extraction work through a third‑party aggregator (SkillBoss). Your queries and scraped search results are sent to that service; only provide an API key if you trust them.
- Historical data is simulated: the 'price history' feature generates randomized mock history from the current price — it does NOT retrieve or persist real historical marketplace prices. If you need accurate history, this skill will not provide it without modification.
- Missing dependency/install instructions: the code uses the Python 'requests' library but the skill declares no dependencies or install steps. Expect to install Python and required packages yourself (e.g., pip install requests).
- Data reliability: the skill uses LLM-based extraction from search results (a regex pulls the first JSON object). That can produce malformed or missing results; treat outputs as heuristics, not authoritative pricing.

Recommendations:

- Only use with a SkillBoss API key you control; rotate keys regularly and avoid using sensitive account keys.
- Run the scripts in an isolated environment, review network traffic if you must verify what is sent, and test on non-critical queries first.
- If you require true historical prices or persistent tracking, ask the maintainer for a storage/backfill mechanism or modify the code to record real snapshots over time (and declare dependencies).

Review Dimensions

Purpose & Capability
note: Name and description match what the code does: searching listings, comparing prices, calculating margins, and producing alerts. The SKILL.md and code consistently rely on a single external service (SkillBoss API Hub) via SKILLBOSS_API_KEY, which is appropriate for a web-scraping/LLM-based aggregator. However, the SKILL.md promises historical price tracking while the code generates mock history (randomized data derived from the current price) rather than retrieving or storing real historical records; that is an important capability mismatch. Also, the package requires the 'requests' module but no dependency or install instructions are declared.
Instruction Scope
concern: Runtime instructions and scripts only ask users to set SKILLBOSS_API_KEY and run scripts; the code respects that. BUT the scripts send web-search results and LLM extraction prompts to the remote SkillBoss /v1/pilot endpoint (including truncated 'search_data' in the prompt), which means scraped page content and search context are transmitted to a third party. The historical-tracking feature does not actually collect past data from marketplaces (it fabricates mock histories), which contradicts user expectations set in SKILL.md. The scripts read whatever CSV path the user supplies (expected), but do not read other local files or extra env vars.
Install Mechanism
note: No install spec (instruction-only), which minimizes aggressive installs. However, multiple code files are included and require Python packages (notably 'requests'), but the skill metadata/README does not declare dependencies or provide installation steps, so users may encounter runtime failures or silently miss requirements.
Credentials
ok: Only one environment variable is requested (SKILLBOSS_API_KEY), and it is used directly by the code to call the described external API. No unrelated credentials, config paths, or secrets are requested. Users should note they must trust SkillBoss with the queries and returned data.
Persistence & Privilege
ok: The skill does not request elevated or persistent privileges, does not set always:true, and does not modify other skills or system configs. It does not persist data itself beyond optional user-specified output files; there is no built-in datastore or automatic background daemon.