Skill v1.0.1

ClawScan security

东方财富金融工具集 (Eastmoney financial toolkit) · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Suspicious · Mar 15, 2026, 4:22 AM

Verdict: suspicious
Confidence: high
Model: gpt-5-mini

Summary: The skill's stated purpose (Eastmoney data queries) matches the API usage, but the SKILL.md contradicts the registry metadata and instructs the agent to read a local vault file (~/.openclaw/...) that is not declared. This mismatch and the implicit local file access are concerning.
Guidance: Before installing, verify the skill's source and vendor (no homepage/source provided). Confirm whether the skill truly requires EASTMONEY_APIKEY and prefer setting that environment variable yourself rather than relying on the skill to read a local vault. The SKILL.md tells the agent to cat ~/.openclaw/workspace/vault/credentials/eastmoney.json (not declared in the manifest); this could expose multiple API keys or other sensitive data. If you proceed, either (a) set a single EASTMONEY_APIKEY in the agent environment and ensure the agent is blocked from reading your vault path, or (b) inspect the vault file contents locally and ensure it only contains keys you intend to share. Also verify that the API_BASE domain (https://mkapi2.dfcfs.com) is legitimate for your use. If you cannot confirm the publisher or do not want the agent to access local credential files, do not install or enable autonomous invocation for this skill.

Review Dimensions

Purpose & Capability
Rating: note
The name/description (Eastmoney financial data: screening, news, query) align with the APIs and API_BASE used. However, the registry metadata earlier claimed no required env vars, while SKILL.md declares EASTMONEY_APIKEY as required and documents vault-based multi-key rotation. This metadata mismatch is an inconsistency that should be resolved.
Instruction Scope
Rating: concern
Runtime instructions explicitly tell the agent to read a local vault file (cat ~/.openclaw/workspace/vault/credentials/eastmoney.json) when the environment variable is absent. That file path is not declared in the skill's manifest. Direct instructions to read local files (especially credential stores) are scope creep and present a potential data-exposure vector.
Install Mechanism
Rating: ok
No install spec and no code files are present (instruction-only). This minimizes installation risk because nothing is downloaded or written to disk by an installer.
Credentials
Rating: concern
Requesting an EASTMONEY_APIKEY is proportionate to the stated purpose. However, the SKILL.md also relies on a vault file containing multiple API keys and instructs reading it without declaring the required config paths. That increases the scope of sensitive data access beyond the single API key and is not justified in the manifest.
Persistence & Privilege
Rating: note
The skill is not always-enabled and is user-invocable; autonomous invocation is allowed (platform default). Autonomous invocation combined with explicit instructions to read a local vault raises the blast radius if the agent runs the skill without tight file-access controls, so be cautious even though 'always' is false.