Back to skill
Skillv1.0.0
ClawScan security
a-share-observation-loop · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
BenignApr 18, 2026, 4:16 AM
- Verdict
- benign
- Confidence
- high
- Model
- gpt-5-mini
- Summary
- The skill is an instruction-only tool that converts research conclusions into daily stock-market observation checklists; its requirements and instructions are consistent with that purpose and it requests no elevated privileges or external credentials.
- Guidance
- This skill is coherent and low-risk in itself, but it relies on accurate market data and the user's holdings. Before using: (1) Confirm where the agent will get 'latest market data' and ensure those data sources are trusted; (2) Do not provide sensitive credentials unless you intend the agent to access a secured data feed — the skill does not request any keys; (3) If you plan to wire outputs into automated trading systems, carefully review the '通过动作'/'失败动作' to avoid unintended orders; (4) Test outputs on sample or paper-trading scenarios first to verify the checklist behaves as you expect.
Review Dimensions
- Purpose & Capability
- okName/description (convert research into daily observation/checklist for A‑share trading) matches the SKILL.md: stepwise guidance, templates, and output contract. No unrelated credentials, binaries, or installs are requested.
- Instruction Scope
- okRuntime instructions stay on scope: define observation items, checkpoints, pass/fail actions, and when to re-run analysis. They require 'latest market data' and knowledge of user holdings, which is reasonable for this task and explicitly described; instructions do not direct reading unrelated system files or sending data to external endpoints.
- Install Mechanism
- okInstruction-only skill with no install spec and no code files — lowest-risk install profile. Nothing is downloaded or written to disk by the skill itself.
- Credentials
- okNo environment variables, credentials, or config paths are requested. The need for market data and user holdings is explicit and proportionate; users must supply data but no secret keys are required by the skill itself.
- Persistence & Privilege
- okalways:false (default) and autonomous invocation not disabled — standard for skills. The skill does not request persistent system-wide changes or access to other skills' configs.