Skill v3.0.4
ClawScan security
大虾皮股市工具集 · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Review · Apr 9, 2026, 2:07 PM
- Verdict: Review
- Confidence: high
- Model: gpt-5-mini
- Summary: The skill's documentation assumes an API token / CLI usage (daxiapi token, Authorization: Bearer) but the package metadata declares no required credentials or install. This mismatch is inconsistent and merits caution.
- Guidance: This skill's docs clearly expect an API token and suggest running a CLI (npx), but the published metadata doesn't declare any required credentials; that mismatch is the main red flag. Before installing or using it:
  1. Ask the publisher how the Authorization token is expected to be provided and why it was omitted from requires.env; prefer supplying tokens via the platform's secret/environment mechanism rather than pasting them in chat.
  2. Verify and trust the domain https://daxiapi.com and review any CLI package code (npx will download and run code) before executing.
  3. If you must provide a token, use a token with minimal scope and revoke it after testing.
  4. Prefer to test in an isolated environment (no sensitive credentials) and request that the publisher add explicit metadata (primaryEnv or requires.env) and an audited install spec.
  5. If the skill will prompt you for secrets, decline unless you can verify the publisher and confirm secure handling.
Review Dimensions
- Purpose & Capability (concern): The skill is presented as a routing/dispatch layer for A-share analysis skills, which is plausible. However, the SKILL.md and API docs repeatedly show authenticated API use (Authorization: Bearer YOUR_TOKEN) and CLI commands that set a token (daxiapi config set token), yet the registry metadata lists no required environment variables or primary credential. That missing declaration is disproportionate to the skill's apparent need for an API token.
- Instruction Scope (concern): Runtime instructions direct the agent to route to other skills, call CLI commands (e.g., npx daxiapi-cli@latest ...) and present API usage examples requiring a Bearer token. The instructions therefore implicitly rely on obtaining/using credentials and on executing or advising installation of external tooling, behavior not reflected in the declared requirements. The SKILL.md does not explicitly describe how the agent should obtain or store the token, which could lead to ad-hoc prompting or insecure handling.
- Install Mechanism (note): There is no install spec (instruction-only), so the skill itself writes nothing to disk. However, the docs encourage use of a CLI via npx (npx daxiapi-cli@latest), which causes dynamic package download at runtime if followed by a user or agent. This is not installed by the skill package itself but is a relevant operational risk the user should consider.
- Credentials (concern): The API reference and CLI examples require an Authorization Bearer token and show config commands to set a token, yet the skill metadata declares no required env vars or primary credential. Requesting or accepting a token from a user is expected for this functionality, so the omission is an inconsistency that could lead to unexpected credential prompts or insecure sharing of secrets.
- Persistence & Privilege (ok): The skill does not request always:true, does not declare any config paths, and has no install step. According to the provided metadata, it will not persistently force inclusion or modify other skills.
