Skillv2.0.0

ClawScan security

China Stock Profitgrowth · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

BenignApr 14, 2026, 7:36 AM

Verdict: benign
Confidence: high
Model: gpt-5-mini
Summary: The skill is internally consistent: it runs a local Python script that queries Eastmoney public APIs to produce a stock list; it requests no credentials or installs and its behavior matches the description.
Guidance: This skill runs a local Python script that fetches public market data from push2.eastmoney.com and returns a ranked stock list; it requests no secrets or installs. Before installing: (1) confirm you trust the skill source (the repo owner is unknown), (2) review the included script if you want to verify there is no additional network behavior, and (3) remember outputs are approximations and not investment advice. If you require stricter provenance, ask the publisher for a homepage or signed source before use.

Purpose & Capability: okName/description describe a public-source 'profit growth' A‑share selector and the bundle contains a Python script that queries Eastmoney public quote API and filters results. The requested binaries (python/python3) are appropriate and proportional.
Instruction Scope: okSKILL.md instructs the agent to run the included script and optionally use web_search/web_fetch for supplementary info. The runtime instructions do not ask for unrelated files, credentials, or system paths.
Install Mechanism: okNo install spec; this is instruction-only with a shipped script. No external archives or downloads are performed by the skill itself (the script issues HTTP requests to Eastmoney).
Credentials: okThe skill does not request environment variables, keys, or credentials. The script makes unauthenticated HTTP requests to a public API, which aligns with the stated purpose.
Persistence & Privilege: okThe skill does not request always:true and does not attempt to modify other skills or system configuration. It runs only when invoked.