Skill v1.0.2

ClawScan security

Vnstock Free Expert · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Review date: Feb 25, 2026, 1:20 AM
Verdict: Review
Confidence: medium
Model: gpt-5-mini
Summary
The skill largely implements a coherent vnstock pipeline, but it silently reads a local .env for API keys (which are not declared) and the SKILL.md contains hidden unicode-control characters—review the scripts and keys before use or run in a sandbox.
Guidance
This package appears to implement a legitimate vnstock valuation pipeline, but take the following precautions before installing or running it:
- Inspect the packaged scripts locally (scripts/*.py). They will make network requests and automatically load a .env file for API keys; do not run them with high-privilege or production credentials.
- The registry did not declare required env vars, yet the skill reads VNSTOCK_API_KEY and references other external API keys. Only put a minimally privileged, test-scoped API key in .env, or run without keys to stay within guest limits.
- Manually open SKILL.md in a text editor that shows invisible characters and remove/verify any control/unicode-control characters; they can affect prompt processing.
- Run the code in an isolated environment (container or VM) so any unexpected network activity is contained; monitor outbound connections during first runs.
- If you plan to use connectors (FMP, DNSE, Binance), provide separate scoped keys per connector and verify where each script sends data. Consider grepping the scripts for hard-coded endpoints or upload URLs.
- If you are not comfortable reviewing code, prefer a well-known upstream vnstock package from PyPI/GitHub instead of this unknown-source bundled skill.
Confidence in this assessment is medium: the majority of files and instructions are coherent with the claimed purpose, but the undeclared env vars and hidden unicode-control characters create uncertainty that requires manual review.
Findings
[unicode-control-chars] unexpected: Hidden/invisible Unicode control characters were detected in SKILL.md. These can be used to hide or alter instructions presented to an LLM (prompt injection). While the rest of the content appears to be legitimate vnstock documentation, the presence of control characters warrants manual inspection of the SKILL.md source to ensure no concealed directives or tampering.

Review Dimensions

Purpose & Capability
note: The name/description match the included scripts and documentation: the skill is a vnstock-based valuation/ranking pipeline and the scripts (build_universe, collect_market_data, collect_fundamentals, score_stocks, generate_report, run_pipeline, invoke_vnstock) are consistent with that purpose. Minor mismatch: requires.env in the registry lists no required environment variables, but the SKILL.md repeatedly documents and expects a VNSTOCK_API_KEY in a local .env and references many optional external API keys (FMP, DNSE, BINANCE, etc.). This is plausible for the stated purpose, but the registry metadata should have declared these env requirements.
Instruction Scope
note: The SKILL.md gives a bounded, step-by-step workflow and enforces free-tier rate-limiting rules (good). It instructs the agent to read the included reference docs, to load an optional .env file (VNSTOCK_API_KEY), and to save/reuse cached artifacts. That .env access is within the task (auth for vnstock), but the docs also list many other external connector API keys and show example commands with absolute local paths; these examples could confuse an agent into looking for user-local paths. The SKILL.md contains hidden unicode-control characters (a prompt-injection signal) which may alter how an agent processes the instructions; this is suspicious and should be inspected.
Install Mechanism
ok: There is no install spec (instruction-only), so nothing will be automatically downloaded or written by an install step. That reduces supply-chain risk. However, code files are packaged with the skill (scripts/...), so running those scripts will perform network operations; there is no separate installer that would fetch arbitrary binary artifacts.
Credentials
concern: The registry metadata declares no required env vars, yet the runtime instructions and documentation expect VNSTOCK_API_KEY in a .env and reference many optional external API keys (FMP_API_KEY, DNSE_API_KEY, BINANCE_API_KEY/SECRET, etc.). The scripts are described as auto-loading .env keys. This mismatch is a red flag: the agent (or the included scripts) may read secrets from a local .env that the registry did not surface. Users should not provide broad credentials; keys should be scoped and tested in an isolated environment.
Persistence & Privilege
ok: The skill does not request always:true and does not claim to modify other skills or system-wide settings. It documents creating outputs/outputs/* and caching artifacts within its own project directory, which is normal for a pipeline. Autonomous invocation is allowed (the default), which is expected for skills and is not flagged on its own.