Back to skill
Skillv1.0.0
ClawScan security
Equity Analyst Test · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
BenignFeb 11, 2026, 9:12 AM
- Verdict
- benign
- Confidence
- high
- Model
- gpt-5-mini
- Summary
- The skill is internally consistent with its stated purpose (Korean equity analysis): it asks for no extra credentials, has no install steps, and includes a local scoring script that implements the documented framework.
- Guidance
- This skill appears coherent and implements the documented scoring framework in its local script. Before installing, confirm your agent is allowed to use a browser/web-scraping tool (SKILL.md requires visiting Naver Finance). Verify that scraping Naver is acceptable for your use case and that the agent will not follow or fetch unrelated links. Test the skill with non-sensitive tickers first. Remember this is a scoring tool, not personalized investment advice—do not treat outputs as professional financial advice.
Review Dimensions
- Purpose & Capability
- okName/description (equity analysis for Korean stocks) matches the requested actions: fetch Naver Finance data, extract financial metrics, news, and simple chart descriptions, then compute scores. There are no unrelated requirements (no cloud credentials, no system paths).
- Instruction Scope
- noteSKILL.md instructs the agent to use a browser tool to visit Naver Finance and extract specific fields (PER, PBR, ROE, etc.), plus recent headlines and a brief chart description. This stays within the stated purpose. Note: it relies on web-scraping via the agent's browser tool—confirm the agent has safe web access and that scraping Naver (and any linked pages) complies with site terms. The instructions do not ask to read local files or environment variables.
- Install Mechanism
- okNo install specification; the skill is instruction-first and ships a local Python script. No downloads or archive extracts are performed, which minimizes disk-write/install risk.
- Credentials
- okThe skill declares no required environment variables, credentials, or config paths. The Python script operates solely on provided JSON input and does not attempt to read environment or external secrets—proportional to its purpose.
- Persistence & Privilege
- okalways is false and default autonomy settings remain. The skill does not request persistent system-level presence or modify other skills' config. It appears to run only when invoked.