Skill v1.0.7
ClawScan security
Bank statement parsing, statement report generation, etc. · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Benign · Mar 18, 2026, 8:35 AM
- Verdict: benign
- Confidence: medium
- Model: gpt-5-mini
- Summary: The skill's code, instructions, and required token are consistent with a file-upload + report-generation service, but it will upload sensitive bank files to an external server you don't control — review privacy and token scope before use.
- Guidance: This skill appears coherent (it uploads files to a remote API and generates a report using ZY_TOKEN). The primary risk is privacy: bank statements are highly sensitive and will be transmitted to https://ziya.dfwytech.com. Before installing/use, do the following:
  1. Confirm you trust the service operator and understand their privacy/storage/retention policy (no homepage or publisher info is provided).
  2. Verify the token's scope and rotate it if possible; do not reuse a high-privilege credential.
  3. Test with non-sensitive sample files first.
  4. Run the skill in an isolated environment or sandbox and monitor outbound network requests to ensure endpoints match expectations.
  5. Fix the script path references in SKILL.md if needed so the agent runs the correct files.
  If you cannot verify the service operator or privacy practices, treat this as high-risk for real bank data and avoid uploading sensitive documents.
Review Dimensions
- Purpose & Capability (ok): The name/description (bank statement upload and report generation) matches the included scripts and SKILL.md. The scripts post files and report requests to ziya.dfwytech.com and use a Bearer token (ZY_TOKEN) as expected for an API-backed service.
- Instruction Scope (note): SKILL.md confines activity to: locate a local file, call upload_file.py to upload it, then call generate_report.py. This is within the stated purpose. Minor inconsistency: SKILL.md references script paths under /models/openclaw/skills/flow/scripts/... while the packaged files live in scripts/ — this may require adjusting paths at runtime. The instructions explicitly upload user files to an external server (necessary for the feature) — this is expected but is a privacy consideration rather than incoherence.
- Install Mechanism (ok): No install spec; the skill is instruction-only plus two Python scripts. No network downloads or archive extraction occur at install time. Execution requires a Python runtime and network access, which is proportional to the task.
- Credentials (ok): Only the primary credential ZY_TOKEN is used and is required for API Authorization. The scripts accept the token as an argument or via the ZY_TOKEN environment variable — consistent and proportionate to the described API usage.
- Persistence & Privilege (ok): The skill is not marked always:true and does not request system-wide or other-skills configuration changes. It runs on demand and does not request elevated persistence privileges.
