Skillv1.0.5

ClawScan security

Stock Valuation using Aswath Damodaran methodologies · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

SuspiciousMar 12, 2026, 9:56 PM

Verdict: suspicious
Confidence: medium
Model: gpt-5-mini
Summary: The skill's stated purpose (local Docker-based DCF valuation using multiple LLM providers) is plausible and its runtime instructions are reasonable, but the registry metadata over-claims required environment variables (many provider keys and prompt-dump settings are marked required even though the SKILL.md treats them as optional), which is an incoherence that increases risk.
Guidance: This skill appears to be what it claims (a local Docker-based valuation app) and its runtime instructions are reasonable and cautious, but the registry metadata overstates required environment variables. Before installing or running: 1) prefer the manual git + docker-compose path and inspect install.sh locally before executing it; 2) do NOT paste API keys into chat—set them in a .env file on your machine and keep .env out of version control; 3) only provide provider keys for the backends you actually intend to use (you do not need to hand over every LLM provider key); 4) keep DUMP_PROMPTS=false unless you explicitly want prompt dumps (they can include sensitive research and prompt text) and ensure PROMPT_DUMP_DIR is a safe local path; 5) confirm which env vars are truly required by the repo (the SKILL.md marks many provider keys as optional) and consider asking the skill maintainer/registry to correct the metadata if it incorrectly marks optional keys as required. If you have limited trust in the repository, run it in an isolated environment (separate Docker host or VM) and avoid supplying multiple high-scope API keys until you verify behaviour.

Review Dimensions

Purpose & Capability: noteName/description match the actions described in the SKILL.md: a local Dockerized valuation platform that can use multiple LLM providers, read .env, and run Docker Compose. Required binaries (git, docker/docker-compose) are appropriate. However, the registry marks many provider API keys and prompt-dump vars as required even though the docs state provider keys and prompt dumping are optional for fuller workflows.
Instruction Scope: okSKILL.md instructs the agent to inspect repo files (README.md, .env.example, docker-compose.local.yml) and follow local Docker Compose flows. It explicitly warns not to ask users to paste secrets into chat, recommends inspecting install.sh before running and treats prompt dumping and volume deletion as privacy/destructive actions. There are no instructions to read unrelated system files or exfiltrate data.
Install Mechanism: okThis is an instruction-only skill (no install spec). That minimizes disk-write and remote-code risks; the guidance recommends manual cloning and inspecting installer scripts rather than curl|bash.
Credentials: concernThe skill's required env list in the registry includes many LLM provider API keys (ANTHROPIC_API_KEY, OPENAI_API_KEY, GROQ_API_KEY, GEMINI_API_KEY, OPENROUTER_API_KEY), DUMP_PROMPTS, PROMPT_DUMP_DIR, and multiple service secrets. The SKILL.md and referenced docs, however, treat provider keys and prompt dumping as optional. Flag: metadata overstates 'required' credentials. While many keys are plausibly used by the application, marking them all required increases the chance a user will supply high-privilege secrets unnecessarily and widens attack surface. DUMP_PROMPTS/PROMPT_DUMP_DIR are privacy-sensitive and should not be mandatory.
Persistence & Privilege: okThe skill is not always-enabled and does not request elevated platform privileges. It does not ask to modify other skills or system-wide settings. Default autonomous invocation is allowed (platform default) but is not combined here with other high-risk properties.