Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
xqant daily gushouplus report
v1.0.0: Automatically generates the daily review report, published at 21:30, covering the full performance of all 87 fixed-income-plus (固收+) products and an attribution analysis of the top 3 and bottom 3 in each track.
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
Scanner: OpenClaw
Verdict: Suspicious (medium confidence)

Purpose & Capability
The skill claims to generate a daily 21:30 report by calling Wind functions; the repository includes a Python helper and Wind function reference and a product list, which is coherent. However, SKILL.md metadata inside the skill lists 'python' as a required binary while the registry metadata lists no required binaries — a minor inconsistency. More importantly, the workflow relies on calling Wind (run_function / f_* functions) but the package declares no credentials or environment variables for authenticating to Wind, which is unexpected unless the platform provides an already-authorized Wind connector.
Instruction Scope
The instructions direct the agent to: (a) read files named STANDARD/... and MEMORY.md (external/non-included files) as primary sources, (b) query Wind functions for all 87 products, (c) read latest season reports and 15:30 industry data for attribution, and (d) publish automated outputs to a chat channel. Reading unspecified external files (STANDARD/... and MEMORY.md) and 'season reports' is out-of-scope for a pure data-query skill unless the user intends those files to be accessible. The SKILL.md also references a cron job that will auto-publish outputs to chat; that means the skill can cause outbound messages without explicit per-run user approval. These behaviors increase the surface for accidental data exposure or unwanted activity.
Install Mechanism
This is an instruction-only skill with one small Python script; there is no install spec and nothing is downloaded from external URLs. That is the lowest-risk install model. The only small inconsistency is the in-SKILL metadata listing python as a required binary while the registry-level metadata lists none.
Credentials
The skill makes repeated Wind API calls (run_function/f_*). Typically Wind access requires credentials or a platform connector; yet no environment variables, API keys, or credential requirements are declared. This is either: (a) relying on the hosting platform's built-in Wind integration (acceptable but should be documented), or (b) an omission (problematic because the skill cannot function or may attempt to access other local secrets). Also, the skill asks to read files like STANDARD/... and MEMORY.md which could contain unrelated sensitive data — requesting access to arbitrary workspace documents without declaring that need is disproportionate.
Persistence & Privilege
The skill is not 'always:true', but SKILL.md claims a cron job (ID provided) configured to run every 60 seconds and auto-publish results to a chat channel. For a daily 21:30 report, a 60-second periodic trigger is excessive and may cause frequent automatic executions and chat spam. Autonomous scheduled runs that publish to channels increase blast radius (especially combined with the instruction to read unspecified local files). The skill does not declare the scope/permissions for auto-publishing, nor does it document throttling/guardrails.
What to consider before installing
Before installing or enabling this skill, verify the following:
1) Authentication: how does Wind access occur? Ask whether the hosting platform supplies a Wind connector or whether you must provide Wind credentials—if credentials are required, they should be declared and scoped narrowly.
2) File access: confirm which workspace files the skill will read (STANDARD/... and MEMORY.md). If those paths map to personal or sensitive notes, restrict or sandbox the skill.
3) Scheduler behavior: the SKILL.md lists a cron job that triggers every 60 seconds and auto-publishes—confirm you want automatic publishing and change the frequency to a single daily trigger at 21:30 (or require manual approval).
4) Publishing permissions: verify which chat channel the skill will post to and ensure the skill has only the minimal publishing rights needed.
5) Test in a sandbox: run the skill in a controlled environment (no real credentials, limited dataset) to confirm expected behavior and that it only queries Wind and the local reference files you approve.
6) Documentation/owner: the skill has no homepage and unknown source; prefer skills with clear authorship or host-provided connectors.
If any of the above are unclear or the platform cannot guarantee a dedicated Wind connector, treat the omission of credential requirements and the cron setup as a red flag and avoid enabling automatic runs.
Version: latest (vk973nz2gc38ptv65n2dtppsqe583hdmk)
