Skill v1.0.0

ClawScan security

Trump-invest懂王画k线 · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Benign · Apr 19, 2026, 10:35 AM
Verdict: benign
Confidence: high
Model: gpt-5-mini
Summary
The skill's instructions (fetch an RSS feed, select items, produce evidence-backed analysis in a Trump-like voice) are consistent with its stated purpose and request no unrelated credentials or installs.
Guidance
This skill is internally consistent: it only fetches and parses the specified RSS feed and formats education-style analyses, and it requests no credentials or installs. Before installing, confirm you trust the feed source (https://www.trumpstruth.org) because the model will fetch and summarize whatever that site publishes; the skill's guidance tries to avoid fabricating original tweets but cannot validate source authenticity. If you plan to use Watch mode, understand it requires an external scheduler and that the skill will track a lastSeenId in the conversation state. Do not rely on outputs for trading decisions—the skill includes explicit non-investment-advice rules but its analyses are educational only. If you need stricter safety, ask the developer for an allowlist of domains or for the feed content to be vetted prior to use.

Review Dimensions

Purpose & Capability
ok: The name/description claim to aggregate trumpstruth.org/feed and produce evidence/analysis in several modes; the SKILL.md only asks the model to fetch and parse that RSS feed and format outputs. No unrelated binaries, env vars, or platform access are requested; requirements match purpose.
Instruction Scope
ok: Runtime instructions are narrowly focused: use web_fetch on https://www.trumpstruth.org/feed, parse <item> entries, select 2–5 items and produce an evidence-backed financial-education analysis and canned output templates. The skill does not instruct reading local files, environment variables, or unrelated system state. It does require maintaining a conversation-scoped lastSeenId for Watch mode and warns that periodic triggers need external scheduling.
Install Mechanism
ok: Instruction-only skill with no install spec and no code files. No downloads or package installs are requested, which is low risk and proportional to its function.
Credentials
ok: No environment variables, credentials, or config paths are required. The requested external network access is proportional (single RSS feed URL) and justified by the stated purpose.
Persistence & Privilege
ok: always:false is set and there is no system-level persistence. The only persistence implied is conversation-scoped state (lastSeenId) to track seen items for Watch mode; the skill explicitly notes external scheduling is required for periodic checks. Autonomous invocation is allowed by platform default but is not combined with elevated privileges.