Skill v1.0.6
ClawScan security
WQBuddy · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Suspicious · Apr 26, 2026, 4:39 PM
- Verdict: suspicious
- Confidence: medium
- Model: gpt-5-mini
- Summary: The skill mostly matches its stated purpose (WorldQuant BRAIN alpha tooling) but contains several inconsistencies and elevated privileges (modifying OpenClaw config, storing plaintext credentials) that warrant caution before installing.
- Guidance: This skill appears to implement a real BRAIN alpha workbench, but it asks to store your BRAIN username/password in a local JSON file and to modify OpenClaw's configuration (~/.openclaw/openclaw.json). Before installing:
  - Verify the npm package and GitHub repo contents yourself (review the code) and confirm the package author and integrity. Do not rely only on the SKILL.md claims. Check the npm package tarball and repository for unexpected network calls or code that reads other files.
  - Prefer using a dedicated/test BRAIN account (as the skill itself recommends). Treat the credentials as sensitive; consider using an OS credential store/secret manager rather than plaintext config.json.
  - Ask the publisher to explain why write access to ~/.openclaw/openclaw.json is required and whether the modification is minimal and reversible. If possible, perform the plugin registration step manually rather than granting automatic write+restart.
  - Confirm the token cache implementation (.wq_token.json) and that tokens are not uploaded anywhere. The SKILL.md claims no external upload, but you should verify in the package code.
  - Request the registry owner to add an explicit install spec (npm/clawhub) in registry metadata to remove the inconsistency.
  If you cannot inspect the package or are uncomfortable granting platform-config write access, do not install or run with real production credentials.
Review Dimensions
- Purpose & Capability (note): Name/description and the provided CLI calls (wq backtest / wq search / wq analyze) align with an alpha-research assistant. Requiring the wq CLI and a wq-buddy CLI is expected. However, the skill also requests direct write access to the agent/platform config (~/.openclaw/openclaw.json) to add plugin paths. That is a platform-level change that is not strictly part of "run backtests and analyze fields" unless the plugin must be registered with OpenClaw. This capability is plausible but should be justified and explicit in registry metadata.
- Instruction Scope (concern): SKILL.md instructs the agent/user to store BRAIN username/password in ~/.wq-buddy/config.json (plaintext example), cache session tokens in ~/.wq-buddy/.wq_token.json, read/write a local SQLite DB, update ~/.openclaw/openclaw.json and restart the Gateway, and spawn sub-agents for large batch runs. These instructions go beyond simple CLI invocation: they instruct storing sensitive credentials on disk, modifying the agent platform's config, and creating child agent sessions, all actions with significant side effects. The skill claims no remote uploads, but local storage of credentials and tokens is sensitive and must be validated.
- Install Mechanism (note): Registry metadata lists no install spec, but SKILL.md documents npm install -g wq-buddy and lists a GitHub repo and npm package. That discrepancy (no registry-level install spec vs. SKILL.md recommending npm) is an inconsistency to confirm. The referenced sources (GitHub and npm links) are standard release hosts; if true, npm/GitHub are reasonable install mechanisms, but the registry should reflect them.
- Credentials (note): The skill requests storing username/password for the BRAIN platform and caching a cookie-session token. Given the platform allegedly only supports cookie auth, requesting credentials is proportionate. However, the credential storage method is a plaintext file under the user's home directory (config.json), which is risky. The skill does not request unrelated cloud credentials or other environment secrets, which is appropriate.
- Persistence & Privilege (concern): The skill requests read-write access to ~/.openclaw/openclaw.json and instructs adding the plugin path and restarting the Gateway. Modifying the platform/agent config and restarting a system component is a persistent, platform-level privilege; combined with credential storage and autonomous invocation (default), this raises risk and should be permitted only after manual review. The skill will also persist data locally (~/.wq-buddy/alpha_workbench.db and references/), which is expected for a workbench but should be protected.
