Skill v1.0.0

ClawScan security

portfolio management · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Benign (Mar 10, 2026, 3:32 AM)
Verdict
benign
Confidence
high
Model
gpt-5-mini
Summary
The skill's requests and runtime instructions are consistent with a portfolio-analysis tool: it reads user-uploaded holding screenshots and uses web search to gather market/financial data, and it does not ask for unrelated credentials or install code.
Guidance
What to consider before installing:
- Privacy of screenshots: the skill requires uploading holding screenshots (costs, quantities, positions). Only upload images you are comfortable sharing and remove unrelated sensitive data (account numbers, full statements).
- No credentials requested: good. Do not provide brokerage/API credentials; the skill operates from public data searches.
- Mandatory recommendations: the skill always produces new-asset recommendations during post-close reviews; expect frequent suggestions even if you have no spare cash. If you prefer fewer recommendations, check whether you can configure or decline them when invoking the skill.
- Data sourcing: the skill enforces multi-source validation (good), but verify which sources the agent actually uses (the platform's WebSearch implementation) and confirm you trust those sources.
- Not professional advice: the skill includes disclaimers but outputs trading suggestions; treat them as informational and confirm with your own due diligence or a licensed advisor.
- When to escalate: if future versions add network endpoints, require API keys, install scripts, or request filesystem or system credential access, stop and reassess; those would be red flags.
Overall, the skill is internally consistent with its stated purpose, but treat uploaded screenshots as sensitive and review recommended assets carefully before acting.

Review Dimensions

Purpose & Capability
ok
The name and description (stock/ETF holdings analysis across A/H/ETF markets) match the instructions: extracting holdings from screenshots (Read tool), performing web searches for technical/flow/fundamental data, and producing structured reports and recommendations. No unrelated binaries, credentials, or config paths are requested.
Instruction Scope
note
Instructions are detailed and remain within the declared purpose (reading uploaded screenshots, multi-source web searches, data validation, structured per-position analysis, and mandatory new-asset recommendations). Note: the skill mandates recommending new assets on every post-close run (Step 5 is labelled 'mandatory', i.e. '强制要求'), a design choice that could cause frequent unsolicited recommendations; this is consistent with the stated goal, but users should be aware of it. The instructions also require using a 'Read' tool to extract potentially sensitive screenshot data; that behavior is expected but privacy-sensitive.
Install Mechanism
ok
Instruction-only skill with no install specification and no code files. This minimizes disk-write and arbitrary-code risks.
Credentials
ok
The skill declares no environment variables, no credentials, and no external config paths. The runtime instructions do not ask for API keys or other secrets. All external interactions are via web searches and public data sources, which aligns with the stated functionality.
Persistence & Privilege
ok
always: false (not force-included). The skill relies on normal model invocation and user uploads; it does not request persistent system privileges or modify other skills. Autonomous invocation defaults are unchanged and not concerning here.