Skill v1.0.0
ClawScan security
analyst-fundamentals · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Suspicious · Apr 6, 2026, 12:28 PM
- Verdict: suspicious
- Confidence: medium
- Model: gpt-5-mini
- Summary: The skill's instructions largely match its stated purpose (scrape EastMoney F10 pages and produce a multi-stage fundamental analysis), but there are notable inconsistencies: persistence-related behavior (persistent subagent sessions) and portability problems (Windows-only file paths) that do not align cleanly with the declared metadata and raise operational risk.
- Guidance: key things to consider before installing:
  - Function vs. requested capabilities: the skill does what it claims (scrapes EastMoney F10 and synthesizes reports), but decide whether you want the agent to spawn many subagents and take browser snapshots; this can be resource-heavy.
  - Persistent workers: the docs contain conflicting instructions; phase1_guide describes launching persistent session workers with no timeout. Ask the publisher why persistent workers are needed and prefer mode="run" (one-shot) unless you explicitly want long-lived workers.
  - Filesystem paths: the skill hard-codes a Windows path (C:\Users\pd\...). If your agent runs on Linux/macOS or under a different user, the skill may fail or write files to unexpected locations; request a configurable workspace path, or that the skill use a relative workspace path provided by the platform.
  - Network and data exposure: the skill scrapes external web pages (EastMoney) using browser snapshots. Confirm your environment's network policies and whether snapshots may include sensitive context. The instructions contain no explicit exfiltration endpoints, but persistent subagents increase exposure.
  - Testing recommendations: run the skill in a sandboxed test agent with non-sensitive inputs first. Monitor spawned subagents, their lifetime, and the directory where files are written. If you do not want persistent sessions, require that the skill be modified to use only mode="run" with bounded timeouts.
  - If you need higher assurance: request that the publisher remove the mode="session" examples, make the data path configurable, and document the expected runtime capabilities (which browser/tooling it requires) and supported OSes.
Review Dimensions
- Purpose & Capability
- ok: Name/description (A股基本面深度分析, roughly "A-share fundamentals deep analysis") match the instructions: SKILL.md describes fetching F10 pages from EastMoney, extracting 16 modules, running 6 analysis tasks and 5 report-aggregation tasks. The required actions (browser.open, snapshot, parse, write markdown reports) are appropriate for that purpose. Minor mismatch: the skill writes to a Windows-specific path (C:\Users\pd\...) while the registry metadata declares no OS restriction, so it may fail or behave unexpectedly on non-Windows hosts.
- Instruction Scope
- concern: Most instructions stay within the stated purpose (scrape F10 pages, parse, analyze). Two instruction-level issues remain. (1) Inconsistent guidance on the sessions_spawn mode: the top-level flow emphasizes mode="run" (one-shot subagents), but phase1_guide explicitly launches four persistent workers with mode="session" and runTimeoutSeconds:0 (no timeout). Session workers are broader in scope: they keep running and can receive work beyond a single invocation, which raises lifecycle and privacy risk. (2) Hard-coded filesystem paths (C:\Users\pd\.openclaw\workspace-analysts\...) assume Windows and one particular user-home layout; the skill will fail on hosts that do not match that layout and may perform unintended reads and writes under that fixed directory on hosts that do.
- Install Mechanism
- ok: Instruction-only skill with no install spec and no code files, the lowest install risk. The skill relies on platform capabilities (browser API, sessions_spawn/subagent runtimes) but does not pull external binaries or archives.
- Credentials
- ok: The skill declares no required environment variables, credentials, or config paths. All runtime activity described uses platform primitives (browser snapshot, subagents) and local file writes under the skill's workspace. There are no explicit requests for unrelated credentials or secrets.
- Persistence & Privilege
- concern: Although the registry flags (always=false) are unremarkable, the instructions include an explicit pattern for starting persistent session-mode workers (mode="session" with runTimeoutSeconds:0). Persistent subagent sessions widen the blast radius: long-lived background processes can be repurposed or used to exfiltrate data. This contradicts other parts of the document that recommend mode="run" for one-shot tasks. The presence of both patterns is a substantive behavioral inconsistency and a risk factor.
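The persistent-worker and hard-coded-path issues flagged under Guidance, Instruction Scope and Persistence & Privilege can both be checked mechanically before a skill is enabled. The following is an added example, not ClawHub's scanner code and not part of the analyst-fundamentals skill: a small pre-install lint in Python that walks a skill's instruction files and reports lines that spawn session-mode workers (mode="session"), flagging runTimeoutSeconds:0 separately, and lines that embed absolute user-home paths. The sample file contents are constructed for this example, and the exact sessions_spawn argument spelling it matches is assumed from the scanner text rather than copied from the skill.

```python
"""Pre-install lint for an instruction-only agent skill.

Added example: not ClawHub's scanner code and not the analyst-fundamentals
skill's own files. It flags the two patterns ClawScan reported:
  * session-mode subagent workers, worst when runTimeoutSeconds is 0
  * hard-coded, OS-specific user-home paths
The sessions_spawn argument spelling matched below is an assumption taken
from the scanner text; adjust the regexes to the platform's real syntax.
"""
import re
from dataclasses import dataclass
from pathlib import Path

# Constructed sample files modelled on the scanner's description (not the real skill).
SAMPLE_FILES = {
    "SKILL.md": (
        "# A-share fundamentals deep analysis\n"
        'Use sessions_spawn(mode="run", runTimeoutSeconds: 600) for each analysis task.\n'
        "Write reports under the platform workspace directory.\n"
    ),
    "phase1_guide.md": (
        "Launch four workers:\n"
        'sessions_spawn(mode="session", runTimeoutSeconds: 0, task="fetch F10")\n'
        "Save snapshots to C:\\Users\\pd\\.openclaw\\workspace-analysts\\raw\\\n"
    ),
}


@dataclass(frozen=True)
class Finding:
    file: str
    line: int
    rule: str
    text: str


# mode="session" / mode: 'session' (assumed spelling, see module docstring)
SESSION_RE = re.compile(r'mode\s*[=:]\s*["\']session["\']')
# runTimeoutSeconds: 0 or runTimeoutSeconds=0 (no timeout at all)
NO_TIMEOUT_RE = re.compile(r"runTimeoutSeconds\s*[:=]\s*0\b")
# Windows user-home path such as C:\Users\pd\...
WIN_PATH_RE = re.compile(r"[A-Za-z]:\\Users\\[^\\\s]+")
# POSIX/macOS user-home path such as /home/alice/... or /Users/alice/...
POSIX_HOME_RE = re.compile(r"(?<![\w.])/(?:home|Users)/[^/\s]+")


def lint_file(name, text):
    """Return Findings for one instruction file; checks are per line."""
    findings = []
    for n, line in enumerate(text.splitlines(), 1):
        if SESSION_RE.search(line):
            # A session worker with no timeout is the case the scanner flagged;
            # a timeout on the same line still lowers it to a plain session finding.
            rule = "persistent-session-no-timeout" if NO_TIMEOUT_RE.search(line) else "persistent-session"
            findings.append(Finding(name, n, rule, line.strip()))
        if WIN_PATH_RE.search(line) or POSIX_HOME_RE.search(line):
            findings.append(Finding(name, n, "hardcoded-user-path", line.strip()))
    return findings


def lint_skill(files):
    """Lint a {filename: contents} mapping; file order is made deterministic."""
    out = []
    for name in sorted(files):
        out.extend(lint_file(name, files[name]))
    return out


def load_skill_dir(path):
    """Read every .md file under a skill directory into the shape lint_skill expects."""
    root = Path(path)
    return {
        str(p.relative_to(root)): p.read_text(encoding="utf-8", errors="replace")
        for p in root.rglob("*.md")
    }


def verdict(findings):
    """'block' for a no-timeout session worker, 'review' for anything else flagged."""
    rules = {f.rule for f in findings}
    if "persistent-session-no-timeout" in rules:
        return "block"
    if rules:
        return "review"
    return "ok"


if __name__ == "__main__":
    results = lint_skill(SAMPLE_FILES)  # swap in load_skill_dir("path/to/skill") for a real bundle
    for f in results:
        print(f"{f.file}:{f.line} [{f.rule}] {f.text}")
    print("verdict:", verdict(results))
```

Run it against the unpacked skill directory before enabling the skill. A "block" verdict means a session worker with runTimeoutSeconds:0 was found, which is exactly the phase1_guide pattern the scanner objects to; "review" means a session worker with some timeout or a hard-coded user path needs a human look. The checks are per line, so a spawn call whose arguments are split across lines will only be reported as a plain session finding.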
