Skillv1.0.0

ClawScan security

Trading Quant · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

BenignMar 27, 2026, 12:42 AM

Verdict: benign
Confidence: medium
Model: gpt-5-mini
Summary: The skill is internally consistent with a quantitative trading tool: it requires no external credentials, uses public market data sources and local caches, and its files and runtime instructions match the described purpose — but it will read/write local caches and may download large ML models, so review where it reads/writes before installing.
Guidance: This skill appears to be what it says: a quantitative market-data and scoring toolkit that fetches public market data and performs analysis. Before installing or running it, consider: (1) it will read/write local caches (e.g., /tmp/quant_industry_cache.json) and may try to read a watchlist at a relative path (../../../../../knowledge/watchlist.json) — remove or inspect that file if you don’t want it used; (2) the sentiment module can download HuggingFace models into ~/.cache/huggingface (large network/downloads) — if you have limited bandwidth or disallow external model downloads, block that or pre-populate the cache; (3) it creates/uses a workspace directory (TRADING_WORKSPACE, default ~/.openclaw/workspace-trading) — review that directory contents for persisted outputs; (4) run the code in a sandbox or review scripts/quant.py and data_sources/* fully (network endpoints) before granting the agent permission to execute it autonomously; (5) no credentials are required by the skill manifest, so there is no obvious secret-exfiltration request, but network access during runtime will contact public market sites and HuggingFace. If you want higher assurance, request the maintainer to document exact endpoints and to remove the relative path climb to knowledge/watchlist.json or make it explicitly configurable.

Review Dimensions

Purpose & Capability: okName/description (quant trading data & scoring) align with included files: many data_source modules (tencent/sina/eastmoney/akshare/yfinance/etc), scoring/analysis modules, and a CLI entry scripts/quant.py. No unrelated credentials, binaries, or install steps are requested.
Instruction Scope: noteSKILL.md instructs the agent to run python scripts/quant.py tools to fetch and analyse market data — this matches the code. The codebase however reads/writes local files: /tmp caches, a HuggingFace cache (~/.cache/huggingface) when loading FinBERT, and a workspace path controlled by TRADING_WORKSPACE (default ~/.openclaw/workspace-trading). The industry classifier tries to prefill from a watchlist at a relative path (../../../../../knowledge/watchlist.json) which may point outside the skill folder; this can read a local watchlist file if present. These file reads/writes are plausible for the tool but are notable scope actions beyond pure network calls.
Install Mechanism: noteNo install spec is provided (instruction-only), lowering disk-write risk from installer scripts. However the package contains many Python modules and a requirements.txt with heavy deps (pandas, pandas-ta, transformers implied by sentiment module). Running will likely require installing these packages and may cause large downloads (HuggingFace models).
Credentials: okThe skill declares no required env vars or credentials. It does read optional environment TRADING_WORKSPACE to determine workspace root (defaults to ~/.openclaw/workspace-trading). No secrets or unrelated credentials are requested by the manifest.
Persistence & Privilege: noteThe skill is not always:true and is user-invocable only. It persists caches (e.g., /tmp/quant_industry_cache.json, ~/.cache/huggingface, and workspace paths) and may create files under the default workspace; it does not modify other skills' configs in the provided code. Autonomous invocation is allowed (platform default) which means it could be run by agents if permitted — combine that with network/model downloads if you are concerned about bandwidth or unexpected model access.