Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
虾皮 Market Style Rotation Analysis
v1.0.1 Analyzes A-share large-cap/small-cap style rotation, using the relative-strength spread between the CSI 2000 and the CSI 300 to judge the market's style bias and detect style-switch signals. Trigger words: large/small-cap style, style rotation, large-cap stocks/small-cap stocks, style switch, CSI 300, CSI 2000, micro-cap investment strategy. Applicable scenarios: judging market style bias, identifying style-switch signals, large-cap vs. small-cap allocation decisions. Not applicable: individual stock analysis, industry sector analysis, bond analysis.
by 三水清 @ksky521
MIT-0
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious (high confidence)
Purpose & Capability
The skill's stated purpose (analyzing A-share large/small-cap style rotation via a 'daxiapi' service) is plausible, but the metadata declares no required environment variables or binaries while the runtime instructions explicitly require a token and use 'npx daxiapi-cli@latest'. Legitimately, the skill needs an API token and an npm runtime (npx) — these are missing from the declared requirements.
Instruction Scope
SKILL.md instructs the agent to run shell commands (npx daxiapi-cli@latest market style) that will make network calls to an external service (daxiapi.com) and to read/write token configuration (~/.daxiapirc) and/or environment variables (DAXIAPI_TOKEN). This scope is consistent with the stated purpose, but the instructions give the agent the ability to execute remote code (via npx) and to access local credential storage, neither of which is declared in the metadata.
Install Mechanism
There is no install spec (instruction-only), but runtime uses 'npx ...@latest', which downloads and executes a package from the npm registry at invocation time. That is higher risk than a pure instruction-only skill because npx will fetch remote code (transient execution) and using '@latest' lacks a pinned version. No permanent files are declared, but running npx implies a dependency on Node/npm being available (not declared).
Credentials
The references and SKILL.md clearly require an API token (DAXIAPI_TOKEN or a CLI-stored token) and mention the config file location (~/.daxiapirc). Requesting a token is proportionate to calling a third-party API, but the skill metadata does not list any required env vars or config paths. The absence of declared credentials and the CLI's ability to persist a token to disk are discrepancies that affect the risk evaluation.
Persistence & Privilege
The skill does not request 'always: true' and does not claim elevated platform privileges. It can be invoked autonomously (platform default), which is normal; this autonomy combined with the token/remote-execution concerns increases blast radius but is not by itself a metadata misconfiguration.
What to consider before installing
Before installing, verify these items:
1) The skill's metadata should declare that it needs an API token and a local npm runtime (npx). Ask the author to add the required env vars (e.g., DAXIAPI_TOKEN) and required binaries (node/npm).
2) Understand that the runtime uses 'npx ...@latest': npx will download and execute remote npm code on every invocation; prefer a pinned version (not @latest) or a vetted binary.
3) Confirm you trust the daxiapi service and the npm package owner (check the homepage, source repo, and package contents).
4) Be cautious about storing tokens in persistent config files (~/.daxiapirc); use temporary environment variables where possible and do not check tokens into repos.
5) If you need stronger guarantees, ask the author to provide a static manifest (an exact npm package version or a bundled, audited implementation) and an explicit declaration of all required env vars and config paths.
6) If you will allow autonomous invocation, be aware that the agent could run npx and access the token; only enable that if you trust the skill and its source.
If any of the above cannot be confirmed, treat the skill as higher risk and avoid installing it, or run it in a restricted/test environment first.