Skill v1.0.1
ClawScan security
Portfolio Risk Manager · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Benign · Feb 25, 2026, 1:18 AM
- Verdict: benign
- Confidence: high
- Model: gpt-5-mini
- Summary: The skill's requested inputs, instructions, and metadata are coherent with its stated purpose (portfolio IPS + position sizing); it is instruction-only, requests no credentials, and has no install step.
- Guidance: This skill appears coherent and low-risk: it needs no credentials and only uses user-provided portfolio inputs. Before installing or using it, (1) confirm where valuation/news/confidence data will come from (internal tool vs web vs other skills) and whether you consent to those lookups; (2) supply ACTIVE_WATCHLIST and MONTHLY_CASH_INFLOW_VND (and optional HOLDINGS) rather than embedding any brokerage credentials; (3) test outputs on a small or mock watchlist and verify recommendations manually before acting financially; (4) if you want to prevent automatic invocation, disable implicit invocation or the skill in your agent settings.
Review Dimensions
- Purpose & Capability (status: ok): Name/description (IPS mini, risk budgeting, position sizing) align with the SKILL.md. Required inputs (ACTIVE_WATCHLIST, MONTHLY_CASH_INFLOW_VND) and optional inputs (HOLDINGS, RISK_PROFILE, CONFIDENCE_MAP) are appropriate and expected for a portfolio risk manager. There are no unrelated environment variables, binaries, or config paths requested.
- Instruction Scope (status: note): Instructions are narrowly focused on producing an IPS, sizing policy, per-ticker risk plans, rebalance plan, and checklist. One minor ambiguity: SKILL.md says to use 'outputs macro/news/valuation if available' and may consume a CONFIDENCE_MAP from an 'equity-valuation-framework' / orchestrator — it does not declare how those data sources are obtained (other skills, internal tools, or external web). This is not a direct security problem but means the agent could invoke other skills or external lookups to enrich recommendations; you should confirm expected data sources and permissions before relying on live external fetching.
- Install Mechanism (status: ok): Instruction-only skill with no install spec and no code files. Nothing is written to disk or downloaded, minimizing installation risk.
- Credentials (status: ok): The skill requests no environment variables, credentials, or config paths. Optional inputs are sensible for the domain (holdings, risk profile, confidence map). No secrets or unrelated service tokens are requested.
- Persistence & Privilege (status: ok): Skill is not marked always:true. agents/openai.yaml sets allow_implicit_invocation: true (permitting implicit invocation) and the skill allows model invocation (disable-model-invocation: false) — these are normal for a user-invocable skill but mean the agent may call this skill automatically when appropriate. There is no evidence the skill modifies other skills or system settings.
