Skill v1.0.0

ClawScan security

Strategic Analyst · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Benign · Mar 14, 2026, 6:02 AM
Verdict
Benign
Confidence
high
Model
gpt-5-mini
Summary
An instruction-only market/strategy analyst skill that asks for no credentials, installs, or file access and whose runtime instructions are coherent with its stated purpose.
Guidance
This skill appears internally consistent and low-risk: it is instruction-only, asks for no secrets, and stays within market-analysis tasks. A few practical notes: (1) the SKILL.md refers to a web_search tool — that will perform network requests, so confirm which search endpoint the agent uses if you care about privacy or logs; (2) the skill has no homepage or known source, so you cannot audit an upstream author — monitor outputs and avoid submitting sensitive proprietary data; (3) remember this is a research/analysis assistant, not a regulated financial adviser — treat its investment suggestions as informational and verify with qualified professionals.

Review Dimensions

Purpose & Capability
ok: The name/description (market and investment analysis) matches the SKILL.md content: frameworks, output formats, and recommended information sources. Nothing requested (no env vars, no binaries, no config paths) is unexpected for this purpose.
Instruction Scope
ok: Runtime instructions are limited to analysis guidance and recommend using a web_search tool for up-to-date information. The instructions do not direct the agent to read local files, access credentials, or exfiltrate data outside of normal web queries.
Install Mechanism
ok: There is no install spec and no code files (instruction-only), so nothing will be written to disk or installed. This is the lowest-risk installation profile.
Credentials
ok: The skill requests no environment variables, credentials, or config paths. That is proportionate to an analysis/reporting agent that relies on public sources and user-provided context.
Persistence & Privilege
ok: always is false and the skill does not request elevated or persistent privileges. Autonomous invocation is allowed (platform default) but not combined with other concerning requests.