investment-data

Warn. Audited by ClawScan on May 10, 2026.

Overview

The skill matches a stock-data use case, but its core query currently returns random sample prices, and its downloader extracts a remote archive into the user's data directory without integrity or member-path checks.

Review carefully before installing. Do not trust its current stock-price outputs as real data, and avoid enabling downloads or scheduled updates until the archive extraction is made safe and releases are verified.

Findings (3)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

A user or agent could treat fabricated prices as real market data and produce misleading analysis or financial conclusions.

Why it was flagged

The advertised stock-data query path is implemented as random sample data, which contradicts the skill’s claim to provide high-quality historical market data.

Skill content
# TODO: implement reading data from Qlib binary files
# for now, return sample data
'open': np.random.uniform(10, 20, n), ... 'close': np.random.uniform(12, 22, n)
Recommendation

Do not rely on this skill for real investment decisions until the query functions read verified datasets; the skill should clearly label sample outputs or fail closed when real data is unavailable. A quick check a user can run today: historical data is deterministic, so the same query issued twice should return identical rows; the current random path will not.
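The determinism probe and the fail-closed wrapper, as an added example that is not part of the skill or of the ClawScan report. The two backends are constructed stand-ins: sample_backend mirrors the placeholder's random prices (using the standard random module in place of np.random.uniform), real_backend serves a tiny constructed table. Names such as query_prices and DataUnavailable are assumptions for illustration.

```python
"""Added example: detect the non-deterministic sample-data path and fail closed.

Historical OHLC data is fixed: the same (symbol, n) query must return the
same rows on every call. A backend that draws prices at random, as the
skill's placeholder does, fails that test, so a caller can refuse to use
its output unless sample data was explicitly requested.
"""
import random
from dataclasses import dataclass


@dataclass(frozen=True)
class Bar:
    date: str
    open: float
    close: float


class DataUnavailable(RuntimeError):
    """Raised when a query cannot be served from verified, deterministic data."""


def sample_backend(symbol, n):
    # Stand-in for the skill's placeholder: random prices, no real source.
    return [Bar(f"day-{i}", random.uniform(10, 20), random.uniform(12, 22))
            for i in range(n)]


# Constructed sample table standing in for a verified Qlib dataset.
_REAL_DATA = {
    "SH600000": [
        Bar("2024-01-02", 7.10, 7.15),
        Bar("2024-01-03", 7.15, 7.08),
        Bar("2024-01-04", 7.08, 7.20),
    ],
}


def real_backend(symbol, n):
    rows = _REAL_DATA.get(symbol)
    if rows is None:
        raise DataUnavailable(f"no verified data for {symbol}")
    return rows[:n]


def is_deterministic(backend, symbol, n=3):
    """Issue the same query twice; fabricated random data will disagree."""
    return backend(symbol, n) == backend(symbol, n)


def query_prices(symbol, n, backend, allow_sample=False):
    """Return labelled bars; refuse non-deterministic output unless allowed."""
    if is_deterministic(backend, symbol, n):
        return {"sample": False, "bars": backend(symbol, n)}
    if not allow_sample:
        raise DataUnavailable(
            f"backend returned non-deterministic (sample) data for {symbol}")
    # Caller opted in: return it, but label it so it cannot pass as real.
    return {"sample": True, "bars": backend(symbol, n)}


if __name__ == "__main__":
    print(query_prices("SH600000", 2, real_backend))
    try:
        query_prices("SH600000", 2, sample_backend)
    except DataUnavailable as e:
        print("refused:", e)
```

The probe only catches unseeded random output; a placeholder seeded with a constant would pass it, so it complements rather than replaces reading the source, and the label on returned data is what downstream consumers should key on.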

What this means

If the upstream archive is compromised or crafted maliciously, running the downloader could overwrite files outside the intended data directory.

Why it was flagged

The skill downloads a remote tar.gz release asset and extracts all entries directly into the output directory without verifying integrity or blocking absolute paths, ../ traversal entries, or link members. Before Python 3.12, tarfile.extractall performs none of these checks by default, so every member path is written wherever the archive says.

Skill content
download_url = f"https://github.com/chenditc/investment_data/releases/download/{version}/{tar_filename}" ... with tarfile.open(tar_path, 'r:gz') as tar:
    tar.extractall(path=output_dir)
Recommendation

Pin and verify release checksums or signatures, extract into a temporary directory, and validate every tar member before extraction: reject absolute paths and ../ components, and reject symlink and hardlink members (or verify their targets stay inside the data directory, since a later member can write through a link that escapes). On Python 3.12 and later, and the point releases of 3.8 through 3.11 that backported it, also pass filter="data" to extractall so the interpreter enforces the same rules.
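A hardened replacement for the download-and-extract step, as an added example rather than the skill's own code. It assumes the expected SHA-256 is pinned from a release checksum file or signed manifest obtained out of band, and that a data release contains only regular files and directories, so link and device members are rejected outright instead of resolved. build_tar_gz only constructs sample archives for the demonstration; extract_release and UnsafeArchive are illustrative names.

```python
"""Added example: verify a pinned SHA-256, validate every member, extract into a
temporary directory, and only then move the tree into the data directory."""
import hashlib
import hmac
import io
import os
import shutil
import tarfile
import tempfile
from pathlib import PurePosixPath


class UnsafeArchive(ValueError):
    """The archive failed integrity or member validation; nothing was written."""


def sha256_file(path):
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(1 << 20), b""):
            h.update(chunk)
    return h.hexdigest()


def check_member(member):
    """Reject any member that could write outside the extraction root."""
    name = member.name
    parts = PurePosixPath(name).parts
    if os.path.isabs(name) or name.startswith("/"):
        raise UnsafeArchive(f"absolute path: {name}")
    if ".." in parts:
        raise UnsafeArchive(f"path traversal: {name}")
    if not (member.isfile() or member.isdir()):
        # Symlinks, hardlinks, devices and FIFOs have no place in a data
        # release; a link that escapes the root lets a later member write
        # through it, so refuse them rather than try to resolve targets.
        raise UnsafeArchive(f"unsupported member type: {name}")


def extract_release(tar_path, expected_sha256, output_dir):
    """Verify, validate, extract to a temp dir, then copy into output_dir.

    Returns the sorted list of files under output_dir after extraction.
    """
    actual = sha256_file(tar_path)
    if not hmac.compare_digest(actual, expected_sha256.lower()):
        raise UnsafeArchive(f"checksum mismatch: got {actual}")
    parent = os.path.dirname(os.path.abspath(output_dir))
    os.makedirs(parent, exist_ok=True)
    tmp = tempfile.mkdtemp(prefix=".extract-", dir=parent)
    try:
        with tarfile.open(tar_path, "r:gz") as tar:
            members = tar.getmembers()
            for m in members:          # validate everything before writing
                check_member(m)
            if hasattr(tarfile, "data_filter"):   # Python 3.12+ and backports
                tar.extractall(tmp, members=members, filter="data")
            else:
                tar.extractall(tmp, members=members)
        shutil.copytree(tmp, output_dir, dirs_exist_ok=True)
    finally:
        shutil.rmtree(tmp, ignore_errors=True)
    return sorted(os.path.relpath(os.path.join(root, f), output_dir)
                  for root, _, files in os.walk(output_dir) for f in files)


def build_tar_gz(path, members):
    """Constructed sample input: write {name: bytes} as a tar.gz, return its digest."""
    with tarfile.open(path, "w:gz") as tar:
        for name, data in members.items():
            info = tarfile.TarInfo(name)
            info.size = len(data)
            tar.addfile(info, io.BytesIO(data))
    return sha256_file(path)


if __name__ == "__main__":
    work = tempfile.mkdtemp()
    good = os.path.join(work, "good.tar.gz")
    digest = build_tar_gz(good, {"investment_data/prices.csv": b"date,close\n"})
    print(extract_release(good, digest, os.path.join(work, "data")))
    bad = build_tar_gz(os.path.join(work, "bad.tar.gz"), {"../evil.txt": b"x"})
    try:
        extract_release(os.path.join(work, "bad.tar.gz"), bad, os.path.join(work, "data2"))
    except UnsafeArchive as e:
        print("refused:", e)
```

Validating all members before extracting any means a crafted entry late in the archive cannot leave a half-written tree behind, and the temporary directory sits beside the target so the final copy stays on the same filesystem.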

What this means

Supplying this token would delegate access to the Tushare service for data updates.

Why it was flagged

The skill documents an optional provider token for real-time updates; this is purpose-aligned, and the provided code does not show token leakage or hardcoding.

Skill content
# Tushare token (optional, used for real-time updates)
export TUSHARE_TOKEN=your_token_here
Recommendation

Only provide a Tushare token if you need that feature, use the least-privileged token available, and keep it out of shared logs, shell history, and committed files (an environment variable set for the session, as the skill documents, is preferable to writing it into a config file).