Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Creating Financial Models

v1.0.0

Use when user wants to build financial models, DCF analysis, valuation, sensitivity analysis, e-commerce business planning, investment decisions, or project...

License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal: Benign
OpenClaw: Suspicious (high confidence)
Purpose & Capability
The declared purpose (financial modeling / DCF valuation) matches the included artifact: a DCF Python script and methodology notes. There are no unrelated credentials, binaries, or config paths requested.
Instruction Scope
SKILL.md promises a full suite (sensitivity/tornado charts, Monte Carlo simulations, Excel workbook + PDF report) and example outputs (output/model.xlsx, output/summary.pdf). The provided script (scripts/dcf_model.py) implements only a simple DCF-to-Excel exporter and prints enterprise value; it does not generate PDFs, charts, sensitivity tables, or Monte Carlo runs. The README instructs running the script but overstates what the script produces.
Install Mechanism
No install spec (instruction-only) which reduces risk, but the script depends on Python and the third-party package xlsxwriter. The skill does not declare these requirements; users may encounter missing-dependency errors. No network downloads or external installers are present.
Credentials
The skill requests no environment variables, credentials, or config paths. The code does not access the network or other system secrets. Requested access is proportional to its (limited) functionality.
Persistence & Privilege
The skill is not forced-always, does not request elevated or persistent privileges, and does not modify other skills or system-wide settings. Autonomous invocation is allowed by platform default but is not combined with other high-risk indicators here.
What to consider before installing
This skill appears to be a legitimate financial-modeling helper, but it is internally inconsistent: SKILL.md claims sensitivity analysis, Monte Carlo, charts, and PDF reports while the only included script performs a simple DCF and writes an Excel file. Before installing/using:

1) confirm you have Python and the xlsxwriter package (pip install xlsxwriter) or ask the author to declare dependencies;
2) don't expect Monte Carlo/sensitivity/PDF outputs unless additional scripts are provided or the author updates the code;
3) review the script for numeric edge cases (e.g., wacc == terminal_growth will divide by zero) and test with non-production data in a sandbox;
4) if you need the extra features, request the missing implementations or updated documentation from the maintainer.

These inconsistencies look like incomplete/poor documentation rather than malicious behavior, but verify before relying on the skill for important valuations.

Like a lobster shell, security has layers — review code before you run it.
