Skill v1.0.0

ClawScan security

M估值法 · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Suspicious · Mar 3, 2026, 10:03 AM
Verdict
suspicious
Confidence
high
Model
gpt-5-mini
Summary
The skill is a plausible stock-valuation tool but contains several incoherencies — hardcoded API keys, undeclared external dependencies (Node script, tushare), and absolute paths — that don't match the manifest or SKILL.md and warrant caution.
Guidance
This skill likely implements the advertised valuation method, but it has several red flags you should address before installing or running it:
(1) The Python file contains hardcoded API keys (a TAVILY_API_KEY and a Tushare pro token). Do not run it if you do not trust these keys or their owner; they may be tied to someone else's account or be abused.
(2) The script calls a Node script at an absolute path (/root/.openclaw/.../tavily-search/scripts/search.mjs) and requires the 'node' binary and the 'tushare' Python package, none of which are declared in the manifest. Confirm those dependencies and that the referenced Node script is legitimate.
(3) Prefer that the author remove hardcoded credentials and instead accept user-provided API keys via declared env vars, and explain/install required binaries.
(4) If you want to test it: run in an isolated sandbox/container, monitor network calls, and replace the embedded tokens with your own keys (or delete them) before using.
Ask the publisher to (a) declare required binaries and env vars, (b) remove or justify embedded keys, and (c) avoid absolute /root paths so the skill is portable and auditable.

Review Dimensions

Purpose & Capability
concern: The skill claims to perform ROIC/CAPM valuation using Tushare and 'Tavily' search. However, the code embeds a hardcoded TAVILY_API_KEY and a hardcoded Tushare pro token (pro_api call) instead of declaring required credentials. The manifest declares no required env vars or binaries, but the script clearly depends on the 'tushare' Python package, the 'node' binary, and a local Node script at an absolute path (/root/.openclaw/workspace/skills/tavily-search/scripts/search.mjs). Those dependencies and credentials are not reflected in the skill metadata and are disproportionate to what the SKILL.md states.
Instruction Scope
concern: SKILL.md instructs the agent to run the included Python script for valuation (in-scope). The script, however, invokes external Node search scripts via subprocess (sending text queries to a tavily-search script), sets an API key in the environment at runtime, and uses a hardcoded Tushare API token. The code thus performs network searches and remote API calls beyond the single-step valuation described in the SKILL.md; it also relies on a specific local filesystem layout (/root/...) which is not documented. While these actions could be legitimate for data collection, they expand the runtime scope without being declared.
Install Mechanism
concern: There is no install spec, but the code depends on external tooling: 'node' and a local Node script, plus the 'tushare' Python package. The manifest lists no required binaries or packages. The skill therefore risks failing or invoking unexpected local scripts/executables (absolute /root path). No package provenance or install safety is provided.
Credentials
concern: The skill declares no required environment variables or credentials, yet the code sets os.environ['TAVILY_API_KEY'] to a literal API key and calls ts.pro_api(...) with a hardcoded token. Hardcoded credentials are a red flag: they may be leaked/stolen credentials or tie API usage to the author's account. The script overwrites/sets an env var at process startup without declaring it, and it does not provide a way to supply the user's own credentials via declared env vars.
Persistence & Privilege
note: The skill does not request persistent installation (always: false) and does not appear to modify system-wide settings or other skills. It sets an environment variable only within the process and invokes subprocesses. That limits persistence, but the subprocesses call remote services and depend on local scripts, increasing runtime risk. No evidence of writing persistent credentials or altering other skills was observed in the provided files.