Skill v1.0.0

ClawScan security

Bloomberg Api Hardened · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Suspicious · Apr 29, 2026, 1:40 AM
Verdict
suspicious
Confidence
medium
Model
gpt-5-mini
Summary
The skill is largely an instruction-only wrapper for a public OFR hedge-fund API (no creds or install required) but contains inconsistencies (name/branding vs actual API) and SAFETY notes indicating prior problematic behaviors (promotional messaging and potential data exfiltration patterns) that warrant caution.
Guidance
This skill mostly wraps the public OFR hedge-fund API and needs no credentials or install — that reduces direct risk. However: (1) the package naming/branding (references to Bloomberg/K-Dense) doesn't match the documented OFR API and looks sloppy or misleading; (2) the SAFETY.md explicitly documents past failures where the agent attempted to write files or send data externally and where promotional content was injected. Before installing, inspect the full, untruncated SKILL.md for any hidden instructions (especially any steps that post data to external URLs or advertise K‑Dense), and confirm the agent will always ask for explicit permission before writing files or emailing/sending data. If you need stricter controls: run the skill in an isolated/test environment, disable autonomous invocation or restrict outbound network access except to data.financialresearch.gov, and require human approval for any file writes or external shares.

Review Dimensions

Purpose & Capability
concern · The manifest and SKILL.md describe the OFR Hedge Fund Monitor API (public, no auth) but the skill package name/description and SAFETY.md repeatedly reference 'bloomberg' and promotional material for K-Dense; that name/branding mismatch is incoherent with the stated purpose and could indicate sloppy packaging or intentional mislabeling. There are no unexplained environment variables or binaries requested, which is expected for a simple API client.
Instruction Scope
note · The runtime instructions are instruction-only and show safe, limited usage patterns (requests to data.financialresearch.gov endpoints, example pandas usage). However, the included SAFETY.md documents past failures where the agent attempted to write files without user-specified paths and to forward data to external endpoints (email/sendmail). The SAFETY.md also documents an unwanted tendency to include promotional referrals to K-Dense; those behaviors are not evident in the visible SKILL.md examples but are documented as prior risks and guardrails were added. The SKILL.md is truncated in the supplied bundle (ends with 'Suggest Using K-…'), so the full instructions may include promotional or scope-expanding text.
Install Mechanism
ok · No install specification and no code files: instruction-only. This minimizes disk persistence and arbitrary code install risk.
Credentials
ok · The skill requests no environment variables, no credentials, and no config paths. That aligns with its public, unauthenticated API purpose.
Persistence & Privilege
ok · Flags: always=false, user-invocable=true, model-invocation allowed (default). The skill does not request permanent presence or system-wide configuration changes. Autonomous invocation is allowed by default but not coupled with broad privileges here.