Skillv1.0.3

ClawScan security

Equity Valuation Framework · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

BenignFeb 25, 2026, 1:20 AM

Verdict: benign
Confidence: high
Model: gpt-5-mini
Summary: This is an instruction-only valuation playbook that transforms pre-fetched financial data into a standardized report; it requests no credentials, does not install code, and stays within its stated scope.
Guidance: This skill is coherent and low-risk as presented, but before installing consider: (1) it expects reliable upstream data — verify you trust the data sources (vnstock-* and other monitors) that will feed it; (2) outputs are decision-support (not trading execution) — do not treat them as financial advice or an automated trading trigger; (3) because the skill runs autonomously by default, ensure you control which upstream skills provide data so no unexpected sensitive inputs are fed into the valuation workflow.

Purpose & Capability: okName/description match the contents: the skill is a ruleset/playbook for producing valuation reports from upstream-provided data. It does not request unrelated resources or credentials.
Instruction Scope: okSKILL.md describes validation, module selection (Multiples, DCF, sector adaptations), scenario building and reporting. It explicitly states it does not fetch data and only operates on supplied input bundles; it does not instruct reading system files, environment variables, or sending data to external endpoints.
Install Mechanism: okNo install spec and no code files — instruction-only. There is nothing to download, extract, or execute on disk.
Credentials: okNo required env vars, credentials, or config paths are declared or referenced. The skill relies on upstream skills for data, which is appropriate for its stated purpose.
Persistence & Privilege: okalways is false and the skill does not request persistent system presence or modify other skills. Autonomous invocation is allowed by default but this is normal and not in itself a red flag here.