Skillv0.1.0

ClawScan security

Dip or die · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

BenignApr 22, 2026, 6:01 PM

Verdict: benign
Confidence: high
Model: gpt-5-mini
Summary: This is an instruction-only trading guide about when/how to 'buy the dip' (options/stock heuristics); it requests no credentials, installs nothing, and its runtime instructions are just content — internally coherent with its stated purpose.
Guidance: This skill is a static trading handbook (not financial advice) and poses minimal security risk because it installs nothing and requests no secrets. Security-wise you can install it without exposing credentials. Operationally, treat its output as opinionated guidance only: do not allow the agent to autonomously execute trades or access your brokerage accounts based solely on this skill. If you plan to act on its recommendations, independently verify numbers (prices, runways, option Greeks) and consider consulting a licensed financial professional.

Purpose & Capability: okThe skill's name and description match the SKILL.md content (a trading/option dip-buying guide). It does not request unrelated binaries, env vars, or config paths.
Instruction Scope: okSKILL.md is a static finance manual and does not instruct the agent to read system files, access credentials, call external endpoints, or perform actions beyond giving trading guidance. It stays within the stated purpose.
Install Mechanism: okThere is no install spec and no code files; the skill is instruction-only, so nothing will be written to disk or downloaded during install.
Credentials: okThe skill declares no required environment variables, credentials, or config paths — proportionate for a read-only trading guide.
Persistence & Privilege: okalways is false and model invocation is allowed (default). The skill does not request elevated or persistent privileges and does not modify other skills or system settings.