Back to skill
Skillv1.0.1
ClawScan security
Super Trend Analysis · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
BenignMar 12, 2026, 2:14 PM
- Verdict
- benign
- Confidence
- high
- Model
- gpt-5-mini
- Summary
- This skill is internally coherent: it implements purely local technical-analysis scripts that read CSV price files, compute indicators (MA/MACD/RSI/Bollinger), and write markdown/CSV reports — it does not request credentials, call external endpoints, or install suspicious packages.
- Guidance
- What to consider before installing: (1) This tool runs arbitrary Python code locally and will read any CSV file path you pass (or many CSVs if you run batch), and it writes reports under 'trend_reports' — only run it on datasets you trust. (2) It has no network calls or credential requests, so it won't exfiltrate data by itself, but because it executes Python code you should inspect the scripts (already provided) or run them in a sandbox/virtualenv. (3) The SKILL requires Python libraries (pandas, numpy, matplotlib, seaborn, ta); installing third-party packages can pull additional dependencies — prefer a virtualenv. (4) This is an analysis aid, not investment advice; outputs include a disclaimer. (5) If you need higher assurance, run the scripts in an isolated VM/container and review the code lines that read/write files (load_data, find_csv_files, output path creation).
Review Dimensions
- Purpose & Capability
- okThe name/description claim a multi-indicator technical analysis tool and the code + SKILL.md implement that: indicators.py computes SMA/EMA/MACD/RSI/Bollinger, analyze_trend.py generates reports, batch_analyze.py processes directories. Required capabilities (pandas/numpy/etc.) are proportional and expected for this purpose. There are no unrelated requirements (no cloud credentials, no unrelated binaries).
- Instruction Scope
- okSKILL.md instructs the agent to run local Python scripts against local CSV files and to optionally generate plots; the actual scripts read CSVs, compute indicators, write markdown reports and CSVs to a local 'trend_reports' directory. There are no instructions to read unrelated system files, access environment secrets, or transmit data externally. Note: the --plot flag is present but plot generation is 'coming soon' in code (prints a placeholder).
- Install Mechanism
- okThis is instruction-only (no install spec). Dependencies are standard Python libs installed via 'pip install pandas numpy matplotlib seaborn ta' per SKILL.md — this is expected and traceable. No remote downloads or archive extraction are present in the skill bundle.
- Credentials
- okThe skill does not declare or use any environment variables, credentials, or config paths. All file access is limited to CSV inputs provided by the user and the local output directory. No secrets or external service tokens are requested.
- Persistence & Privilege
- okFlags show no 'always' privilege and the skill does not modify other skills or system-wide agent settings. It creates a local output directory for reports (trend_reports) which is appropriate for its function. Autonomous invocation is allowed by default but not unusual for this type of skill.