Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

jd-finance

v1.0.0

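JD Finance service platform - one-stop management of wealth management products, JD Baitiao, JD Jintiao, insurance services, credit cards, and investments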

Security Scan
VirusTotal: Benign
OpenClaw: Suspicious (medium confidence)
Purpose & Capability
The description and examples imply access to user-specific account data and transaction capabilities (view holdings / repay / borrow / purchase). However the skill declares no credentials, no API endpoints, and no install steps — there is no explained mechanism for accessing a user's JD account, which is disproportionate to the claimed functionality.
Instruction Scope
SKILL.md is high-level and contains example queries and feature lists but does not instruct the agent to call JD APIs, request credentials, or read local files. That makes the instructions internally vague: if the agent is expected to answer account-specific queries, the skill provides no guidance on how to obtain or use authenticated data.
Install Mechanism
No install spec and no code files — lowest-risk delivery model. Nothing will be written to disk by the skill itself.
Credentials
The skill requests no environment variables or credentials despite describing actions that would require account authentication. Either the skill is only informational (which should be made explicit) or it omits necessary auth requirements — both are problematic for user expectations and security.
Persistence & Privilege
Defaults are used (not always:true). The skill can be invoked by the agent autonomously, which is normal and not in itself a red flag.
What to consider before installing
This skill reads like a product description rather than a functioning connector. Before installing or using it: 1) Ask the author how it accesses user accounts — does it use official JD APIs/OAuth? Where are credentials kept? 2) Never paste passwords or API keys into chat; prefer OAuth flows or platform-managed credentials. 3) If the skill later asks you to provide account credentials directly, treat that as a red flag and decline. 4) Prefer skills with a homepage, source repository, or clear auth instructions; the absence of those details is why this is suspicious.

Like a lobster shell, security has layers — review code before you run it.

latest vk97ebxmvbaytf6c0mwghs6xv1n84238d
262 downloads
0 stars
1 versions
Updated 2w ago
v1.0.0
MIT-0

JD Finance (京东金融)

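The JD Finance service platform, providing comprehensive financial and wealth management solutions.

Wealth management products

Product types

  • Fixed-term wealth management
  • Demand (flexible) wealth management
  • Fund investment
  • Precious metals investment
  • Stock-related

Wealth management features

  • Product browsing and filtering
  • Yield comparison
  • Purchase and redemption
  • Holdings lookup
  • Earnings statistics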

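JD Baitiao

Baitiao services

  • Consumer credit limit
  • Interest-free installments
  • Baitiao repayment
  • Credit limit increase application
  • Baitiao promotions

Using Baitiao

  • Shopping installments
  • Credit payment
  • Baitiao cash withdrawal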

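JD Jintiao

Jintiao services

  • Loan application
  • Loan limit
  • Repayment plan
  • Interest rate lookup
  • Early repayment

Loan process

  • Limit assessment
  • Loan application
  • Funds disbursed
  • Repayment on schedule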

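Insurance services

Insurance types

  • Accident insurance
  • Health insurance
  • Travel insurance
  • Property insurance
  • Auto insurance

Insurance operations

  • Product browsing
  • Policy purchase
  • Policy lookup
  • Claim filing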

Credit cards

Credit card services

  • Xiaobai Card application
  • Card management
  • Statement lookup
  • Repayment service
  • Points lookup

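Usage examples

Look up wealth management products

Which high-yield wealth management products does JD Finance offer?

Baitiao lookup

What is my JD Baitiao credit limit? How much do I owe this month?

Jintiao loan

How much can I borrow with JD Jintiao? What is the interest?

Check holdings

Show my wealth management holdings and earnings at JD Finance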

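## Account management

- Total assets lookup
- Earnings statistics
- Risk assessment
- Investment advice

## Trigger conditions

- User mentions JD Finance or JD wealth management
- Baitiao- or Jintiao-related requests
- JD insurance services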
