Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Investment Framework Skill
v1.0.2 · [When to use] When the user needs an investment value analysis; when the user asks "is this company worth investing in"; when the user needs asset allocation advice; when the user wants to make an investment decision but needs the logic checked; when the user wants to identify long-term trends and opportunities; when the user needs to evaluate market and economic patents (市场经济专利); when industry-specific metric analysis is needed
⭐ 0 · 252 · 2 current · 2 all-time
by @lj22503
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
Capability signals
These labels describe what authority the skill may exercise. They are separate from suspicious or malicious moderation verdicts.
OpenClaw
Verdict: Suspicious (high confidence)
Purpose & Capability
The name and description (investment decision framework) align with the included code and its many sub-skills (value-analyzer, asset-allocator, industry-analyst, etc.). The repository contains many legitimate data-fetching and analysis scripts for investment research, which is expected. However, the package also includes deployment and publishing automation (auto-publish-clawhub.sh, crontab examples, CLAWHUB_* docs) that is not necessary for runtime investment analysis and expands the skill's operational footprint.
Instruction Scope
SKILL.md grants the agent the Bash, Read, Write, Exec and WebSearch tools. The repository includes scripts that fetch remote data (eastmoney, Tencent, AlphaVantage), which is appropriate, but it also contains automation instructions and cron examples that direct the agent to execute scripts and interact with external services and CLI tooling. Notably, CLAWHUB_CRON_SETUP.md and CLAWHUB_PUBLISH_GUIDE.md describe scheduled publishing and state that a token is '已配置在脚本中' ('configured in the script'). Those runtime instructions let the agent run arbitrary shell scripts and potentially publish or alter remote resources, which materially expands scope beyond pure analysis.
Install Mechanism
The manifest declares no install spec (the skill is instruction-only), which lowers install-time risk. However, the repo contains many executable scripts and examples that would be written to disk if the agent is allowed to write files or run the included scripts; extracting or running those scripts is an operational decision that no package-manager review covers.
Credentials
The skill manifest declares no required environment variables, yet the docs and CONTRIBUTING examples reference API keys (QVERIS_API_KEY, TTFUND_API_KEY, a Tushare token, an AlphaVantage key), and the CLAWHUB docs explicitly state that a publishing token is stored in a script. Requiring or embedding long-lived tokens in scripts is disproportionate to pure analysis and is not surfaced in requires.env; this mismatch is a red flag. The skill also suggests writing a config file under the user's home directory for tokens, which is acceptable if done transparently, but the documentation's claim 'Token:已配置在脚本中' ('Token: configured in the script') suggests credentials may be embedded or hard-coded.
Persistence & Privilege
The skill is not marked always:true (good), but the repo docs provide crontab entries, an auto-publish script (scripts/auto-publish-clawhub.sh) and examples that would set up scheduled jobs under /tmp/investment-framework-skill. If the agent is allowed to Exec/Bash and Write, it could (with user permission, or by following vague instructions) install cron jobs or run persistent publishing automation. The manifest declares no persistent behavior, but the contents enable it: a capability/privilege mismatch.
What to consider before installing
This skill appears to implement a comprehensive investment analysis toolkit (many expected analysis scripts and docs). However:
- Do not run or grant Exec/Bash/Write to this skill until you inspect the scripts. In particular review scripts/auto-publish-clawhub.sh and any scripts referenced by CLAWHUB_CRON_SETUP.md and CLAWHUB_PUBLISH_GUIDE.md — the docs say a publishing token is configured in a script, which could leak credentials or enable automated publishing.
- Search the repository for hard-coded secrets (search for 'token', 'TOKEN', 'password', 'KEY', 'APIKEY', 'clawhub login', email addresses). If you find secrets embedded in files, do not use them.
- If you intend to use the data-fetching features, prefer configuring API keys in a local user-only config (as the docs suggest) rather than embedding them in repo files. Confirm the code reads keys from that config rather than from checked-in files.
- Avoid enabling automatic cron jobs or running publish scripts supplied here; instead run analysis scripts in a sandboxed environment and only after manual review.
- If you lack capacity to review all files, consider limiting the skill's allowed tools (disable Exec/Bash/Write) or only allow read-only analysis of its SKILL.md.
- If you proceed, audit network calls the scripts make (which external endpoints are contacted) and restrict the agent's network access or run it in an isolated environment.
Additional actionable checks that would raise confidence: verify that no file contains hard-coded tokens, confirm auto-publish scripts do not send data to unexpected endpoints, and ensure data sources are public APIs the skill documents (eastmoney, Tencent, AlphaVantage) rather than unknown hosts.
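The review steps above (search for hard-coded secrets, look for cron or publish automation, audit which hosts the scripts contact, and confirm keys come from a user-local config rather than checked-in files) can be run as one offline pass over a checkout. The script below is an added example for this page; it is not part of the skill and not ClawHub's scanner. The host allowlist (eastmoney.com, gtimg.cn for Tencent quotes, alphavantage.co), the mini-skill it writes into a temp directory, and the placeholder token value are constructed assumptions. Point review_skill at the real checkout instead of the temp directory to review the actual package.

```python
#!/usr/bin/env python3
"""Offline pre-install review of an agent skill checkout (added example).

Reports hard-coded credential assignments and scripted registry logins, cron
lines that would set up persistent publishing, every host the scripts contact
compared with the documented data sources, and where keys are read from a
user-local config instead of a checked-in file.
"""
import re
import tempfile
from pathlib import Path

# ASSUMPTION: domains behind the documented sources (eastmoney, Tencent quotes, AlphaVantage).
DOCUMENTED_HOSTS = frozenset({"eastmoney.com", "gtimg.cn", "alphavantage.co"})
TEXT_SUFFIXES = {".sh", ".py", ".md", ".txt", ".json", ".yaml", ".yml", ".cfg", ".env", ""}

SECRET_PATTERNS = {
    # NAME=literal or name: literal with a value long enough to be a credential
    "literal_secret": re.compile(r"""(?i)(?:token|api[_-]?key|password|secret)\s*[:=]\s*['"]?[A-Za-z0-9_\-]{16,}"""),
    # a doc stating that the publishing token lives in a script (the wording the scan quotes)
    "token_in_script_claim": re.compile(r"(?i)token\s*[:：]?\s*(?:已配置在脚本中|configured in (?:the )?script)"),
    # scripted login to the registry
    "registry_login": re.compile(r"(?i)\bclawhub\s+login\b"),
}
CRON_LINE = re.compile(r"^\s*(?:[\d*/,\-]+\s+){5}\S")       # five cron fields, then a command
URL_HOST = re.compile(r"https?://([A-Za-z0-9.\-]+)")
USER_CONFIG_READ = re.compile(r"\$HOME/|~/\.|expanduser\(")  # key read from the user's home dir


def host_allowed(host, allowed=DOCUMENTED_HOSTS):
    """True when host is one of the documented domains or a subdomain of one."""
    return any(host == d or host.endswith("." + d) for d in allowed)


def review_skill(root, allowed=DOCUMENTED_HOSTS):
    """Scan every text file under root; entries are (relative path, line number, detail)."""
    root = Path(root)
    f = {"secrets": [], "cron": [], "hosts": {}, "unknown_hosts": set(), "user_config_reads": []}
    for path in sorted(p for p in root.rglob("*") if p.is_file() and p.suffix.lower() in TEXT_SUFFIXES):
        rel = path.relative_to(root).as_posix()
        for lineno, line in enumerate(path.read_text(encoding="utf-8", errors="ignore").splitlines(), 1):
            for name, pat in SECRET_PATTERNS.items():
                if pat.search(line):
                    f["secrets"].append((rel, lineno, name))
            if CRON_LINE.match(line):
                f["cron"].append((rel, lineno, line.strip()))
            for host in URL_HOST.findall(line):
                f["hosts"].setdefault(host, set()).add(rel)
                if not host_allowed(host, allowed):
                    f["unknown_hosts"].add(host)
            if USER_CONFIG_READ.search(line):
                f["user_config_reads"].append((rel, lineno))
    return f


def safe_to_grant_exec(findings):
    """Decision rule: no embedded credentials, no cron persistence, no undocumented hosts."""
    return not (findings["secrets"] or findings["cron"] or findings["unknown_hosts"])


def build_sample_skill(root):
    """CONSTRUCTED mini-skill reproducing the shapes the scan describes; not the real repo."""
    root = Path(root)
    (root / "scripts").mkdir(parents=True, exist_ok=True)
    (root / "scripts" / "fetch_quotes.py").write_text(
        "import json, os\n"
        "# acceptable: the AlphaVantage key comes from a user-only config file\n"
        "cfg = json.load(open(os.path.expanduser('~/.config/investment/keys.json')))\n"
        "AV = 'https://www.alphavantage.co/query?function=OVERVIEW&apikey=' + cfg['alphavantage']\n"
        "EM = 'https://push2.eastmoney.com/api/qt/stock/get'\n"
        "QQ = 'https://qt.gtimg.cn/q=sh600519'\n", encoding="utf-8")
    (root / "scripts" / "auto-publish-clawhub.sh").write_text(   # placeholder token, not a real one
        '#!/bin/bash\n'
        'CLAWHUB_TOKEN="ch_live_0123456789abcdefABCDEF"\n'
        'clawhub login --token "$CLAWHUB_TOKEN"\n'
        'curl -s -X POST https://publish.example.invalid/upload -d @skill.zip\n', encoding="utf-8")
    (root / "CLAWHUB_CRON_SETUP.md").write_text(
        "# Scheduled publishing\n"
        "Token:已配置在脚本中\n"
        "0 9 * * 1-5 /tmp/investment-framework-skill/scripts/auto-publish-clawhub.sh\n", encoding="utf-8")


def demo():
    """Build the constructed skill in a temp dir and review it."""
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_skill(tmp)
        return review_skill(tmp)


if __name__ == "__main__":
    res = demo()
    for key in ("secrets", "cron", "unknown_hosts", "user_config_reads"):
        print(f"{key}: {sorted(res[key])}")
    print("safe to grant Exec/Bash/Write:", safe_to_grant_exec(res))
```

On the constructed checkout the script flags the token assignment and the scripted login in auto-publish-clawhub.sh, the doc line claiming the token is configured in a script, the crontab entry under /tmp/investment-framework-skill, and one host (publish.example.invalid) that none of the documented sources explain, while noting that fetch_quotes.py reads its key from ~/.config. The allowlist is matched by domain suffix with a leading dot, so eastmoney.com.evil.invalid is not treated as eastmoney.com. Any hit in secrets, cron or unknown_hosts should keep Exec/Bash/Write withheld until a human has read the file concerned.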
latest · vk976w07ejjstneqcgmxatzzjzs84tmx2
