Chinese Interest Rate
Security checks across static analysis, malware telemetry, and agentic risk
Overview
This skill appears aligned with its stated purpose: it fetches public Chinese interest-rate data, stores a local history file, and alerts on changes.
This looks safe for its stated purpose. Before installing, be aware that it may run a Python script, make outbound requests to public financial-data websites, save a local rates history file, and run daily if you configure the suggested cron schedule.
Static analysis
No static analysis findings were reported for this release.
VirusTotal
VirusTotal findings are pending for this skill version.
Risk analysis
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Installation may depend on a local Python runtime even though the registry requirements do not declare one.
The skill expects execution of a bundled Python helper, while the supplied metadata says there is no install spec and no required binaries. This is an under-declared runtime/provenance detail, but the helper source is included and matches the stated purpose.
`python scripts/check_rates.py` 直接运行,脚本自动从网络抓取数据
Confirm Python is available and review the bundled script before relying on scheduled execution.
The skill will contact external financial-data websites when checking rates.
The script performs outbound HTTP requests to fixed public financial-data sources. This is expected for an interest-rate monitor and does not show credential use or unrelated network destinations.
url = f'https://query1.finance.yahoo.com/v8/finance/chart/{ticker}' ... 'https://www.shibor.org/shibor/web-htmls/shibor.html'Use it only in an environment where outbound access to those public data sources is acceptable.
Incorrect or malformed rate data could be saved and influence future change notifications.
The skill can accept agent-supplied rate data and persist it into its local rates file for future comparisons. This is purpose-aligned, but inaccurate supplied data could affect later alerts.
agent_data = json.loads(sys.argv[1]) ... new_data.setdefault(cat, {})[sub] = val ... save_rates(new_data)Prefer trusted data sources and periodically inspect or reset data/rates.json if alerts look wrong.
If configured, the skill may run automatically every day.
The documentation recommends scheduled daily execution. This is disclosed and central to the monitoring purpose, not hidden persistence.
"expr": "0 10 * * *", "tz": "Asia/Shanghai"
Enable the cron schedule only if you want daily automatic checks and know how to disable it.