Skill v1.0.1
ClawScan security
🔥 DeepStock - A-share quantitative research assistant | Free K-line data · technical indicators · shareholder counts · official announcement parsing
ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Suspicious · Apr 5, 2026, 3:10 AM
- Verdict
- suspicious
- Confidence
- medium
- Model
- gpt-5-mini
- Summary
- The skill's API surface mostly matches a stock-data helper, but it instructs the agent to fetch data and automatically download PDFs from an unknown raw IP over plain HTTP and references an undeclared $STOCK_HOME — these mismatches and network risks warrant caution.
- Guidance
- This skill appears to be a stock-data/announcement helper, but exercise caution before enabling it:
  1. The API is at an unknown raw IP over plain HTTP (no TLS) — network traffic is unencrypted and the host identity is unclear.
  2. The skill will download announcement PDFs to your filesystem and references $STOCK_HOME even though that env var is not declared — set $STOCK_HOME to a dedicated sandbox directory if you proceed.
  3. Remote PDFs can contain malicious content or lead to unexpected file writes; run the skill in a network- and filesystem-restricted sandbox and inspect downloads before opening.
  4. Prefer a version hosted on a named, verifiable domain, or request the publisher/source code and HTTPS support.
  5. Avoid enabling autonomous invocation until you trust the endpoint; ask the publisher for provenance, TLS, and details about what the /api/ann/recent endpoint returns (URLs vs. server-side paths) and how downloading is performed.
Review Dimensions
- Purpose & Capability
- note: The SKILL.md describes stock data, indicators, holder counts and announcement PDF handling, so the declared purpose matches the endpoints. However, the API host is a raw IP (http://60.205.179.76:8000) rather than a named, trusted domain, and the skill promises automatic downloading of PDFs to a local path, a capability with additional implications not reflected in the metadata.
- Instruction Scope
- concern: Instructions tell the agent to call remote HTTP endpoints and to download announcement PDFs to a local directory. The doc refers to a $STOCK_HOME/run/ann_downloads/ default, but the skill declares no required env var for $STOCK_HOME. Downloading remote files and writing them locally is outside the simple 'query API' model and can expose the agent environment or filesystem to untrusted content.
- Install Mechanism
- note: No install spec or code files (instruction-only), which minimizes file-write risk. However, the runtime behavior requires network communication with an unknown host at a raw IP over plain HTTP (no TLS), increasing the risk of eavesdropping or MITM; this should be considered an operational risk even though nothing is installed.
- Credentials
- concern: Declared requirements list no env vars, yet SKILL.md references $STOCK_HOME as the default PDF save location. This mismatch is an undeclared environment dependency and may cause the skill to write files to unexpected locations. No credentials are requested, which aligns with the stated purpose, but the lack of TLS and the undeclared local path are notable.
- Persistence & Privilege
- ok: The skill is not always-enabled and has no install actions or system-wide configuration changes. It does not request persistent privileges in the metadata.
