Skill v2.0.0

ClawScan security

Event Analyzer · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Review: Apr 17, 2026, 1:30 AM
Verdict: Review
Confidence: medium
Model: gpt-5-mini
Summary
The skill's description, instructions, and artifacts align with a financial event-analysis tool, but the declared allowed-tools (notably Exec/Read/Write) are broader than necessary for the stated purpose and increase the attack surface if the agent has those capabilities.
Guidance
This skill appears to be a coherent event-analysis/financial signal tool and requests no credentials or installs. Main caution: the SKILL.md declares allowed-tools including Exec, Read and Write. If your agent runtime exposes a shell or file access via those tools, the skill (when invoked) could run commands or read/write files even though the instructions don't require that. Before installing, ask the skill maintainer to (a) remove Exec/Read/Write from allowed-tools if not needed, or (b) confirm exactly which tool implementations will be available and restrict them (e.g., allow WebSearch and Message only). Also verify the platform enforces tool-level sandboxing and that the skill will not be given access to sensitive filesystem paths or credentials. If you don't control the agent tool set, treat this as higher-risk and prefer a version that limits allowed-tools to WebSearch/Message (and maybe Write for output) only.

Review Dimensions

Purpose & Capability
ok: Name, description, README, SKILL.md and examples consistently describe a finance-focused event analysis workflow (采/选/判/析, i.e. collect/select/judge/analyze). There are no required env vars, binaries, or install steps that contradict the stated purpose.
Instruction Scope
note: Runtime instructions focus on web-sourced evidence (URLs, statistical data, official announcements) and structured analysis. The SKILL.md does not instruct reading system files, accessing credentials, or contacting unexpected external endpoints beyond cited public sources and web search. It does, however, require collecting and embedding source URLs in outputs (expected for the purpose).
Install Mechanism
ok: This is an instruction-only skill with no install spec and no code files, so it carries the lowest installation risk. Nothing is downloaded or written to disk by an installer.
Credentials
ok: The skill declares no environment variables, credentials, or config paths. The data it requests (public URLs, public statistics) is proportional to its stated analytical purpose.
Persistence & Privilege
concern: The SKILL.md lists allowed-tools = [Read, Write, Exec, Message, WebSearch]. For an instruction-only event analyzer, WebSearch and Message are expected; Read/Write/Exec are broader than necessary and would permit the agent to read/write local files and execute shell commands if the platform exposes those tools. While always:false and the absence of an install step mitigate persistence risk, the Exec/Read/Write privileges materially increase the blast radius if the agent is allowed to call them, especially when the agent can invoke skills autonomously.