Skill v1.0.0
ClawScan security
VBrokers Trading · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Benign · Mar 6, 2026, 11:36 AM
- Verdict: benign
- Confidence: high
- Model: gpt-5-mini
- Summary: The skill's code and instructions are coherent with its stated purpose (local OpenAPI Gateway trading client); nothing requests unrelated credentials or external endpoints, though there are a few small transparency notes to check before use.
- Guidance: This skill appears to implement exactly what it claims: a local OpenAPI Gateway client for VBrokers trading. Before installing or running it, do the following: (1) Verify the local Gateway (华盛通OpenAPIGateway.app) you will connect to is the official application and actually running on 127.0.0.1:11111. (2) Inspect the bundled script (vbrokers_client.py) yourself — it contains a hardcoded AES key used to encrypt your trading password; confirm this matches vendor documentation or replace it with a secure/configurable key if appropriate. (3) Never hand your real account credentials to untrusted code — test with a demo/small order first. (4) Ensure pycryptodome is installed from a trusted source. The skill does not exfiltrate data to remote hosts, but because it can place/cancel real orders, treat it as high-impact: validate behavior in a safe environment before granting it access to live money.
Review Dimensions
- Purpose & Capability
- ok: Name/description match the included Python client and API reference. The code exclusively targets the local OpenAPI Gateway (http://127.0.0.1:11111) and implements trading, quotes, K-lines, and helper logic described in the SKILL.md. No unrelated cloud services, binaries, or secrets are requested.
- Instruction Scope
- ok: SKILL.md stays on-topic: it tells you to run the local Gateway app, install pycryptodome, copy/import the provided vbrokers_client.py, and call functions like trade_login, get_account_funds, place_order, etc. The instructions do not direct the agent to read arbitrary files or other env vars, or to transmit data to endpoints other than the specified localhost gateway.
- Install Mechanism
- ok: There is no install spec (instruction-only with bundled client code). The only runtime dependency mentioned is pycryptodome (pip), which is appropriate for AES operations. No remote downloads or archive extracts are performed by the skill itself.
- Credentials
- note: The skill does not request environment variables or external credentials. It asks callers to pass their trading password to trade_login at runtime. The client contains a hardcoded base64 AES key (AES_KEY_B64) used to encrypt the password before sending it to the local gateway — this is plausible if the provider supplies a fixed key, but it is a transparency detail you should verify (see guidance).
- Persistence & Privilege
- ok: The always flag is false and the skill is user-invocable. It does not request permanent agent presence or modify other skills' configurations. The client only communicates with the local Gateway and does not persist credentials itself.
