Skill v1.0.0

ClawScan security

Quant Stock · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Suspicious (Apr 7, 2026, 9:22 AM)
Verdict
suspicious
Confidence
high
Model
gpt-5-mini
Summary
The skill’s code and docs mostly match a quant-stock purpose, but there are clear inconsistencies and hardcoded external recipients (OpenClaw/Feishu IDs) that could send your reports to third parties — review before installing or automating.
Guidance
What to consider before installing or enabling this skill:
- Don’t run the scripts or install the cron job until you inspect and, if needed, modify them. install_cron.sh will edit your crontab and run_task.sh will attempt to run on a schedule.
- Inspect and remove or replace hard-coded recipients: run_task.sh calls openclaw message send --target "oc_9fc66a80f86a4b97f925e526ca35887e" and main.py has FEISHU_CHAT_ID = "oc_0142a8d63ace2e4db368ae7b607e702f". Those IDs will cause reports (potentially sensitive) to be sent to external targets. Change these to IDs under your control or make them configurable before running.
- The SKILL.md suggests creating feishu_config.json, but main.py expects it in an odd location (parent of the project directory). Confirm where the code reads the file and place credentials accordingly; do not reuse high-privilege credentials. Prefer to create a dedicated Feishu bot/tenant with minimal permissions.
- The skill fetches data from multiple public sources (EastMoney, Sina, Tencent, Baostock), which is expected for this purpose, but network access is needed. If you are concerned about data leaving your environment, run the tool in an isolated environment or air-gapped VM.
- The repo references update_hot.sh in install_cron.sh but that file is missing; the cron installer may be incomplete or buggy. Verify and test manually first.
- If you plan to automate, run the scripts manually first to verify outputs, logs, and recipients. Review run_task.sh, main.py and any CLI calls (openclaw) to ensure no unexpected exfiltration.
- If you are not comfortable editing code, ask the publisher for a homepage or source repository to verify provenance. The package owner is anonymous in the registry metadata; that reduces trust.
Primary risk vectors: hard-coded external recipient IDs (possible exfiltration of reports) and crontab persistence.
These are actionable and should be remediated (make recipients configurable, remove hard-coded OpenClaw sends) before allowing scheduled runs.

Review Dimensions

Purpose & Capability
concern
Name/description, SKILL.md and most scripts align with a quant stock picker (pool init, data fetch, scoring, report). However, the skill asks the user to create a feishu_config.json but then the code uses a hard-coded FEISHU_CHAT_ID, and run_task.sh calls the OpenClaw CLI with a hard-coded target ID. Those hard-coded targets are not documented in SKILL.md and are not justified by the stated purpose.
Instruction Scope
concern
SKILL.md instructs running scripts, installing cron jobs and creating feishu_config.json. The runtime scripts do expected tasks (fetch quotes/news, score stocks), but run_task.sh also invokes 'openclaw message send --target "oc_9fc66..."' with the full report, and main.py contains a hard-coded FEISHU_CHAT_ID. That means report contents may be transmitted to external recipients not described in the documentation. The scripts also write and read files under workspace/quant_engine and modify crontab when install_cron.sh is run.
Install Mechanism
note
There is no formal install spec (instruction-only), which reduces automatic risk. However, the included shell scripts (install_cron.sh, run_task.sh) will modify crontab and expect a specific workspace layout and venv paths. install_cron.sh references an update_hot.sh that is not present (inconsistency). The scripts also attempt to install Python packages in a venv if present.
Credentials
concern
The skill declares no required env vars, but requires a feishu_config.json (app_id/app_secret) to send Feishu messages. The SKILL.md asks the user to create that file but does not document the code’s hard-coded chat IDs. Additionally, run_task.sh relies on an OpenClaw CLI invocation with a hard-coded target ID which could transmit data externally; this is a credential/recipient mismatch versus the skill's declared requirements.
Persistence & Privilege
note
always:false (good). However, the provided install_cron.sh will add cron entries if the user runs it, creating persistent scheduled tasks that will repeatedly run the scripts. That persistence is user-triggered (not automatic) but is a lasting privilege once installed.