ClawHub
Back to skill
v1.0.0

Ashare Fund Intel

ReviewClawScan verdict for this skill. Analyzed May 1, 2026, 6:33 AM.

Analysis

The skill is instruction-only and mostly matches its finance-reporting purpose, but it bundles a specific current portfolio and tells the agent to use personal financial context, so users should review it carefully before installing.

GuidanceReview and remove the bundled portfolio file before use unless it is intentionally yours. Provide holdings only in a private user-specific context, verify all market sources and recommendations, and do not treat the generated allocation changes as professional investment advice.

Findings (3)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

Abnormal behavior control

Checks for instructions or behavior that redirect the agent, misuse tools, execute unexpected code, cascade across systems, exploit user trust, or continue outside the intended task.

Human-Agent Trust Exploitation
SeverityLowConfidenceHighStatusNote
SKILL.md
Per-fund action tag: `increase` / `hold` / `reduce` ... Simple suggested allocation change range (percentage points)

The skill is designed to produce concrete position-adjustment suggestions. This is disclosed and purpose-aligned, but it can influence real financial decisions.

User impactA user could over-trust the generated increase/hold/reduce suggestions and make investment changes based on incomplete or incorrect analysis.
RecommendationTreat outputs as informational, verify cited sources independently, and consult a qualified financial adviser before making trades or allocation changes.
Sensitive data protection

Checks for exposed credentials, poisoned memory or context, unclear communication boundaries, or sensitive data that could leave the user's control.

Memory and Context Poisoning
SeverityMediumConfidenceHighStatusConcern
references/portfolio-current.md
# 当前持仓 (由用户提供) ... 1. 南方原油LOF-A: 113.39 ... 总金额: 553.25

The skill package includes a specific current portfolio with fund names and amounts. Because the skill uses this reference for personalization, the bundled data can expose or reuse stale/other-user financial context.

User impactReports may reveal or rely on someone else's embedded portfolio, or a user's own financial data could become persistent package content if updated similarly.
RecommendationRemove bundled personal holdings from the skill package; collect holdings per user at runtime, store them only in private user-scoped memory, and clearly explain retention and deletion.
Memory and Context Poisoning
SeverityLowConfidenceHighStatusNote
SKILL.md
When first used, confirm these and persist in session memory: Risk preference ... Position style ... Watchlist ... Delivery format

The skill asks the agent to retain personal financial preferences and watchlist information in session memory. This is purpose-aligned for personalization but sensitive.

User impactPersonal investing preferences and watchlists may be reused within the session to shape future outputs.
RecommendationOnly provide financial preferences and holdings you are comfortable having retained for the session; clear or override them when no longer wanted.