ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Currency Forecast

v1.0.0

Professional currency exchange rate analysis and forecasting tool. Provides technical analysis, market research, and predictive insights for currency pairs l...

0· 105·0 current·0 all-time
byNico Wu@ver0n1ca
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Suspicious
medium confidence
!
Purpose & Capability
The README promises technical indicators and "predictive modeling", but the included scripts/analyze.py returns only placeholder None values and contains no data-fetching or modeling logic. No ML libraries or data-processing dependencies are declared, so the implementation does not match the advertised capabilities.
!
Instruction Scope
SKILL.md instructs the agent to use built-in exec for API calls and web_search for market research. 'exec' is vague and grants the agent broad discretion to run arbitrary shell commands (e.g., curl, wget, or anything else on PATH). The instructions do not specify safe, constrained commands or how external data should be validated; they also reference Frankfurter API but provide no concrete fetch or parsing steps.
Install Mechanism
No install spec is present and this is instruction-only aside from a small local script. Nothing is downloaded or written to disk by an installer, which minimizes install-time risk.
Credentials
The skill requests no environment variables, credentials, or config paths. That is proportionate given the declared use of the public Frankfurter API (which requires no key) and web searches.
Persistence & Privilege
always is false and the skill does not request persistent system changes or modifications to other skills. Autonomous invocation is allowed (platform default) but not combined with elevated privileges here.
What to consider before installing
This skill's description promises professional forecasting, but the only included code is a placeholder and there are no declared dependencies for modeling. The runtime instructions allow the agent to run arbitrary shell commands via 'exec' to call APIs — that gives the agent broad power to run any command on your system if invoked. Before installing or using: (1) don't provide secrets or credentials to this skill; (2) review or restrict what 'exec' is permitted to run in your agent environment; (3) treat outputs as experimental because no actual data-fetch or model code is present; and (4) ask the author for the real implementation or concrete fetch/modeling code (or an explanation why those features are missing) before relying on it for trading decisions.

Like a lobster shell, security has layers — review code before you run it.

latestvk97e2qkqz5m1mpr0wwqs3n1tyd8377z6

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

💱 Clawdis

Comments