Skill v1.0.2

ClawScan security

Xueqiu Combo Report · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Benign · Apr 22, 2026, 1:39 AM
Verdict: benign
Confidence: high
Model: gpt-5-mini
Summary
The skill's files and runtime instructions are coherent with its stated purpose (collecting Xueqiu combo holdings from a logged-in browser, merging/patching them, ranking stocks, and exporting reports) and do not request unrelated credentials or perform unexpected network installs.
Guidance
This skill appears to do what it says, but consider these points before installing or running:
(1) The upstream collection step requires the agent's browser tool to run inside an already-logged-in Xueqiu session; that exposes session cookies and page content to the tool. Only allow this if you trust the environment and the skill.
(2) Review any batch JSON inputs and patch JSON carefully before merging; patches overwrite combos by symbol.
(3) The scripts generate HTML by interpolating fields from input data without sanitization, so treat untrusted input cautiously: malicious HTML could be embedded.
(4) PDF rendering calls a local Chrome/Chromium binary (the script uses --no-sandbox when invoking it), so ensure you run in a safe, isolated environment if you have security concerns.
(5) There are no hidden network endpoints or required secrets, and you can inspect the included Python scripts directly; run them locally or in an isolated container if you want to limit exposure.

Review Dimensions

Purpose & Capability
ok: The name, description, SKILL.md, reference docs, and included Python scripts all align: upstream collection requires a logged-in Xueqiu browser session and downstream scripts merge data, build rankings, and render JSON/MD/HTML/PDF. There are no unrelated environment variables, binaries, or external services requested.
Instruction Scope
note: Instructions explicitly require using a logged-in browser context (browser tool) to fetch Xueqiu data with credentials:'include' and then run local scripts to merge/patch and render reports. This is expected for a scraper/report workflow, but it means the agent/browser tool will access session cookies and page content, a sensitive capability that the SKILL.md does call out and limit (small batches, interactive evaluation).
Install Mechanism
ok: No install spec or third-party downloads are present. The skill is instruction-first and ships two small Python scripts that use only stdlib (argparse, json, subprocess, shutil, pathlib). PDF rendering uses a locally installed Chrome/Chromium binary if available (no network downloads).
Credentials
note: The skill requests no environment variables or credentials, which is proportionate. However, it depends on the agent's browser tool having access to an already-logged-in Xueqiu session (cookies/auth in the page). That access is necessary for the stated scraping step but is sensitive and should be granted consciously.
Persistence & Privilege
ok: The always flag is false and the skill is user-invocable; it does not declare persistent or system-wide privileges and does not modify other skills. Runtime actions write report files to the workspace and suggest committing them; there is no autonomous persistent installation.