Skill v3.0.0
ClawScan security
Financial Research · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Benign (Mar 30, 2026, 10:15 AM)
- Verdict: Benign
- Confidence: medium
- Model: gpt-5-mini
- Summary: The skill's requirements (AnyGen CLI + ANYGEN_API_KEY) and runtime instructions match its stated purpose (financial research); the main risks are installing an npm CLI and sending potentially sensitive financial data to AnyGen's servers, and the package/source lacks a public homepage for independent verification.
- Guidance: This skill appears coherent for financial research, but before installing:
  1. Verify the @anygen/cli npm package and the AnyGen service (look up the npm page, author, and anygen.io), since the registry entry has no homepage.
  2. Treat ANYGEN_API_KEY as sensitive — consider using a scoped or short-lived key and confirm what data AnyGen will retain or log.
  3. Be aware that npm installs can run code during install, and that the skill may prompt you to install an additional anygen skill, which widens the attack surface.
  4. If you need stronger assurance, review the @anygen/cli package source or run it in a sandbox/VM first.
  If you cannot verify the package/provider, consider using a trusted alternative or manual workflows instead.
Review Dimensions
- Purpose & Capability (ok): Name/description ask for financial analysis and the skill requires the AnyGen CLI and an AnyGen API key — these are directly related to the declared purpose.
- Instruction Scope (note): SKILL.md only instructs use of the anygen CLI (auth and generate) and to install a related anygen-workflow-generate skill if missing. It does not request unrelated files or extra environment variables, but installing the additional skill could expand what is run.
- Install Mechanism (note): Install is an npm package (@anygen/cli) that creates the anygen binary — this is expected for a CLI-based skill, but npm packages may execute scripts at install time and introduce third-party code on the host. The install source is not a direct URL download, which is preferable, but there is no homepage or external verification provided in the registry metadata.
- Credentials (ok): Only ANYGEN_API_KEY is required and is declared as the primary credential — that is proportionate. However, the API key is sensitive and grants the skill network access to AnyGen; any data sent to the service (financial documents, model inputs) will be exposed to that provider.
- Persistence & Privilege (ok): The always flag is false and the skill does not request system-wide config changes or other skills' credentials. Autonomous invocation is allowed (default) — not flagged by itself, but it increases the blast radius if the skill were malicious.
