Skillv1.0.0

ClawScan security

Trading Quant · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

ReviewMar 2, 2026, 9:23 AM

Verdict: Review
Confidence: high
Model: gpt-5-mini
Summary: The skill largely matches a market-data/analysis tool, but its code reads files and environment variables that are not declared (possible access to an external 'knowledge/watchlist.json' and TRADING_WORKSPACE), and it can download large ML models — these are scope/privacy concerns you should review before installing.
Guidance: This skill is plausible for market analysis, but inspect and sandbox it before trusting it with real data. Specific things to check or do before installing: - Review scripts/lib/analysis/industry_classifier.py: it attempts to read a 'knowledge/watchlist.json' via a relative path outside the skill. If you keep any sensitive data in your agent workspace or knowledge directories, this could be read. Consider removing or sandboxing that behavior. - The code will create cache files (e.g., /tmp/quant_industry_cache.json) and use your home HuggingFace cache; expect large model downloads (FinBERT) if transformers isn't already cached. - No credentials are requested, but the skill will make network requests to public market APIs (Tencent, Sina, EastMoney, yfinance, HuggingFace). If you need to limit network or data exfiltration, run it in a restricted container/environment. - Confirm Python version and dependencies (SKILL.md uses python3.12; requirements.txt lists Python 3.10+). Install dependencies in a virtualenv before running. - If you plan to use this in an automated/always-on agent, remove or control any code that reads external files (watchlist path) or write caches to sensitive locations. Ask the publisher to justify the watchlist prefill and to document network endpoints and file I/O. If you can, run the tool in an isolated environment (container/VM) first and audit network calls (e.g., with a firewall or proxy) and file reads to ensure it only accesses intended resources.

Review Dimensions

Purpose & Capability: concernThe name/description (quant trading & market data) aligns with the included code (data source adapters, scoring, sentiment). However there are surprising accesses: the industry classifier will try to prefill from a 'knowledge/watchlist.json' via a relative path that climbs several directories (outside the skill bundle), which is not justified by the SKILL.md or declared requirements and could read user data outside the skill.
Instruction Scope: concernSKILL.md instructs executing scripts/quant.py (expected). The runtime code, however, reads/writes files outside the skill directory (e.g., /tmp/quant_industry_cache.json and the relative 'knowledge/watchlist.json' path) and may use the TRADING_WORKSPACE env var; these file/ENV accesses are not declared and expand the agent's read surface beyond the stated purpose. The sentiment module can download HuggingFace models at runtime (network activity not described in SKILL.md).
Install Mechanism: noteNo formal install spec (instruction-only from platform perspective), but the bundle includes many Python modules and a requirements.txt listing heavy packages (pandas-ta, transformers implied by sentiment code). Running the skill will likely require pip installing those deps and may trigger large model downloads from HuggingFace. Lack of an install step means execution may fail or cause on-demand network fetches.
Credentials: concernThe skill declares no required env vars, but code reads TRADING_WORKSPACE (in config.get_workspace_root) and uses a HuggingFace cache in the user's home. It also tries to open a relative 'knowledge/watchlist.json' which could expose private files. No credentials are requested, but the unannounced env/file accesses are disproportionate to the SKILL.md's declared requirements.
Persistence & Privilege: notealways:false and no attempt to modify other skills. The skill writes cache to /tmp and the HuggingFace cache under the user's home and can persist an industry cache file; this is normal for such tools but still writes to disk. No evidence it modifies system-wide agent config or other skills.