Skillv1.0.0

ClawScan security

한국 연금/노후 설계 · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

SuspiciousFeb 22, 2026, 2:18 PM

Verdict: suspicious
Confidence: medium
Model: gpt-5-mini
Summary: The skill's stated purpose (Korean pension calculators/guides) is plausible, but the runtime instructions reference non-declared tools and a script that would accept sensitive personal identifiers (주민번호) while that script is not provided — these mismatches merit caution before installing or running.
Guidance: What to consider before installing/use: - Do not provide sensitive personal identifiers (예: 주민등록번호) or run scripts unless you can inspect them first. The playbook shows a command that would take a 주민번호 fragment but the actual script is not included for review — that is a red flag. - The skill references local binaries (~/.npm-global/bin/yf) and mentions enabling an API key, but no required binaries or environment variables are declared. Ask the author to list exact dependencies and any environment variables or keys needed. - Before running any referenced script, request the script source (nps_query.sh). If the script will be run by the agent, review its contents for network calls, logging, or exfiltration of data. - Prefer the skill to rely on official public sites for sensitive personal data (it already recommends 내연금/csa.nps.or.kr). If you need precise estimates, use the official site rather than handing PII to a third-party skill. - Ask the publisher to: (1) provide missing scripts or remove scripts that request PII, (2) declare required binaries and environment variables, and (3) clarify connector names/syntax (SKILL.md shows odd tildes ~~, which may be a formatting error). If the author supplies the missing script(s) and a clear explanation of when and how personal identifiers are used (and no undeclared credentials are required), this assessment could be downgraded to benign. Conversely, if the skill actually includes a script that collects or transmits resident registration numbers or requires undeclared secrets, treat it as high-risk and avoid installing.

Review Dimensions

Purpose & Capability: noteThe skill's functionality (pension estimates, IRP vs savings, retirement sim) is coherent with the provided playbook and templates. However the SKILL.md/playbook references external helpers (yahoo-finance-cli via ~/.npm-global/bin/yf, an nps_query.sh script) and mentions activating a 'key' for an API without declaring required binaries or environment variables. Those undeclared dependencies are inconsistent with the declared requirements (which list none).
Instruction Scope: concernInstructions include running a local script to query 국민연금 with a 주민번호 fragment: `bash skills/pension-guide/scripts/nps_query.sh "[주민번호 앞자리]"`. The repository contains only scripts/README.md — no nps_query.sh — so the instructions reference a non-existent script. Asking for or invoking resident registration numbers (PII) to query an API is sensitive. The playbook also instructs calling a user-local binary (~/.npm-global/bin/yf) and web_search; the SKILL.md gives broad discretion to contact web sources. Together this creates risk: the skill could prompt users for sensitive identifiers or run locally-provided scripts (which are not present for review).
Install Mechanism: okThere is no install spec (instruction-only skill), so nothing is automatically downloaded or written by the installer. This lowers installation-time risk. Note: risk remains because instructions expect local scripts/binaries that would be executed by the agent if present.
Credentials: concernThe skill declares no required environment variables or credentials, yet the playbook and domain_config reference an official 국민연금 API and say '키 활성화 후 사용' (enable key before use). That implies API keys or credentials might be needed but are not declared. The instructions also suggest collecting sensitive user data (resident registration number pieces) for API queries. Requesting PII or undeclared API keys is disproportionate to a simple calculator/guide unless explicit, auditable credential handling is provided.
Persistence & Privilege: okThe skill does not request always=true and has no install hooks or config paths. It does not ask to modify other skills or system settings. Autonomous invocation is allowed by platform default, which is expected for skills and not flagged by itself.