Skillv1.0.1

ClawScan security

financial-data-gateway · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

SuspiciousApr 7, 2026, 8:53 AM

Verdict: suspicious
Confidence: high
Model: gpt-5-mini
Summary: The skill's described functionality (download PDFs from cninfo and extract financial tables) is plausible, but the package metadata, runtime instructions, and declared resource/credential usage are inconsistent and the skill will send PDF text to a third‑party LLM (OpenAI) — users should review before installing or providing keys.
Guidance: What to consider before installing: - Metadata mismatch: the registry shows no required env vars or install steps, but the skill's docs require pip packages and an OPENAI_API_KEY. Expect to provide an OpenAI key if you use the extraction feature. - Data exfiltration risk: the extraction flow sends page summaries/text to api.openai.com for page localization. Only run this on public/non‑sensitive documents or in an environment where you accept sending content to OpenAI. - Missing code files: the skill references src/tools/*.py but the package contains only markdown docs. Confirm whether the implementation exists elsewhere or you will need to supply/run those scripts yourself. - Installation: following the embedded install instructions will run 'pip install' for standard packages (pdfplumber, openai, requests). If you allow automatic installation, do so in an isolated environment (virtualenv/container) to limit risk. - Operational cautions: batch downloads may trigger cninfo rate limits — add delays or proxies as suggested. Verify outputs on 1–2 companies before running large batches and check the validation fields in the JSON results. Recommended actions: ask the publisher for the missing code files or a verified install spec; if you must proceed, provide an OpenAI key only in a controlled/test environment and avoid sending any non‑public documents to the skill until you confirm behavior and provenance.

Review Dimensions

Purpose & Capability: noteThe stated purpose (download A‑share annual reports from cninfo and extract structured financial statements) matches the instructions and network targets (cninfo and OpenAI). However, the top‑level registry metadata declares no required env vars, no install spec and no code files, while the skill's markdown documents list dependencies (pdfplumber, openai, requests), an OPENAI_API_KEY env var, and reference src/tools/*.py files that are not present in the package. This mismatch (claimed code/tools but no code files; undeclared env var) is inconsistent and may indicate packaging or disclosure issues.
Instruction Scope: concernThe runtime instructions explicitly direct the agent to read PDF pages (workspace/reports/*.pdf), extract text snippets (page summaries) and send them to the OpenAI API for page localization. Transmitting PDF text to an external LLM is outside pure local processing and may expose sensitive text. The instructions also reference filesystem paths and tool files (src/tools/*.py) that are not included, meaning the agent or operator would need to run installation commands or implement missing scripts. While these actions are coherent with the stated extraction purpose, the external transmission of document content and missing code files are noteworthy risks.
Install Mechanism: noteThere is no install spec in the registry (instruction‑only), but the included markdown documents contain 'install' sections that recommend 'pip install pdfplumber openai' and 'pip install requests'. Because installation is left to the operator/agent rather than declared in the registry, installing runtime packages would require executing pip at runtime — a moderate risk if done automatically. The install sources are standard PyPI packages (not arbitrary download URLs).
Credentials: concernThe financial-statement-extraction document requires OPENAI_API_KEY (to call api.openai.com) to perform AI page localization; that need is plausible for the LLM-based page-locating strategy. However, the registry metadata lists no required env vars — an inconsistency. Requiring an OpenAI key is proportionate to the LLM approach, but it grants a third party (OpenAI) access to excerpts of PDF content; if PDFs include sensitive data, this could result in unintended disclosure. No other unrelated credentials are requested.
Persistence & Privilege: okThe skill does not request elevated or persistent privileges (always:false, no system-wide changes). It specifies reading PDF files under workspace/reports/ and writing outputs to workspace/output/, which is proportionate for its purpose. There is no indication it modifies other skills or system configs. The inconsistency is that these filesystem requirements exist only in internal docs and are not declared in registry metadata.