Skill v2.0.0

ClawScan security

A股股票交易助手 · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Suspicious
Mar 10, 2026, 9:16 AM
Verdict
suspicious
Confidence
medium
Model
gpt-5-mini
Summary
The skill is mostly consistent with a stock-analysis/trading simulator, but it contains code that programmatically creates scheduled OpenClaw cron jobs (with a hard-coded target ID/channel) and writes to platform paths — behavior that has side effects beyond simple queries and should be reviewed before installing.
Guidance
This skill's analysis and query scripts are coherent with its description and mostly safe to inspect or run in a sandbox. Before installing or enabling it broadly, review and decide about two behaviors: (1) set_alert.py will call the 'openclaw' CLI to create a scheduled job that announces messages to channel 'qqbot' and a hard-coded user ID — if you don't want the skill to create persistent scheduled tasks or message external recipients, remove or modify that code and the default user_id; (2) simulate_trading.py writes a trading_record.json to /root/.openclaw/... — confirm this path and storage policy are acceptable in your environment. Also consider running the scripts in an isolated environment first (no production credentials), verify the endpoints contacted (qt.gtimg.cn, finance.sina.com.cn, EastMoney) are acceptable, and audit/limit network access if needed. If you lack trust in the unknown source, avoid enabling the cron/announcement functionality or strip out openclaw CLI invocations before use.

Review Dimensions

Purpose & Capability
note
Name/description match the included scripts: price queries, news/sentiment analysis, sector/fund-flow analysis, batch queries and a simulated aggressive trading strategy. Network requests go to public financial endpoints (qt.gtimg.cn, finance.sina.com.cn, EastMoney), which is expected for real-time data. The only slightly surprising capability is the ability to schedule platform cron jobs and send alerts (set_alert.py) — this is related to the advertised 'price monitor' feature but elevates the skill from passive analysis to active platform interaction.
Instruction Scope
concern
SKILL.md instructs running the included scripts only, which is accurate. However, set_alert.py constructs and invokes an 'openclaw cron add' command to create scheduled jobs that will run in the OpenClaw environment and target a channel 'qqbot' and a hard-coded user_id. That creates persistent external-visible actions (announcements/messages) without prompting for explicit consent in SKILL.md. simulate_trading.py writes/reads a trading record under /root/.openclaw/... — acceptable for a skill but notable as it modifies platform state.
Install Mechanism
ok
No install specification; the skill is instruction+scripts only and does not download or extract external archives. That minimizes install-time risk.
Credentials
note
The skill requests no environment variables or credentials, which is consistent. It does hard-code an OpenClaw target user id (D3AA9A40183306D5A885AB9BE7581B06) and a channel name ('qqbot') in set_alert.py; this is not secret-exfiltrating but is an implicit requirement/assumption about the runtime environment (presence of openclaw CLI, available channel and user). It also assumes write access to the skill workspace path.
Persistence & Privilege
concern
While 'always' is false, set_alert.py calls the OpenClaw CLI to add a cron job (--cron 0 16 * * 1-5) that will persist platform-side and announce messages. This grants the skill the ability to create scheduled/persistent actions in the platform and to target a (hard-coded) recipient/channel. That persistent behavior and cross-component messaging is beyond simple read-only analysis and should be considered a privilege escalation risk if you don't expect persistence.