Skillv1.0.1

ClawScan security

腾讯自选股数据工具 · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

SuspiciousApr 17, 2026, 11:46 AM

Verdict: suspicious
Confidence: medium
Model: gpt-5-mini
Summary: The skill's stated purpose (query Tencent stock data) matches its instructions, but it tells the agent to run npx -y to fetch and execute an npm package at runtime — a non-trivial supply-chain/execution risk that isn't enforced or scoped by the skill bundle.
Guidance: This skill looks coherent for fetching/analysing stock data, but it relies on running an npm package with 'npx -y', which downloads and executes code at runtime — a meaningful supply-chain and execution risk. Before installing or enabling it: (1) review the npm package source (GitHub) and verify the maintainer; (2) confirm the published integrity/shasum match the package you fetch; (3) if possible, avoid npx -y in sensitive/production environments — instead pre-download and audit the package or run it in an isolated sandbox; (4) consider asking the skill author for a non-executing, API-based integration or for the package source to be vendor-reviewed; (5) if you must use it, run initial tests in a restricted container and consider disabling autonomous invocation for this skill. If you want, I can suggest exact checks to verify the npm package (where to look on the registry/GitHub and how to validate the integrity).

Review Dimensions

Purpose & Capability: okName/description describe querying A/HK/US market data and the SKILL.md consistently instructs using the npm package westock-data-clawhub to perform those queries and formatting. The documented commands and output formats align with the claimed capability.
Instruction Scope: noteRuntime instructions direct the agent to run npx -y westock-data-clawhub@1.0.4 for all queries. The guidance otherwise stays within the data-analysis scope and does not ask the agent to read unrelated local files or credentials. However, instructing npx -y implicitly executes third-party code (network download + run), which goes beyond a pure 'call an API' instruction and increases risk.
Install Mechanism: concernThere is no formal install spec in the registry entry; instead the SKILL.md recommends 'npx -y' which downloads and executes a package from registry.npmjs.org at runtime. That pattern creates a medium–high supply-chain risk: arbitrary code could run in the agent environment. The SKILL.md does include a sha512/shasum and a maintainer note, which is good, but the skill bundle does not enforce integrity verification or provide the package source code for review.
Credentials: okThe skill does not request environment variables, credentials, or config paths. The data access described (market data) does not appear to require additional secrets, so requested privileges are proportionate.
Persistence & Privilege: notealways:false (normal). Autonomous invocation is allowed (platform default). While that alone is acceptable, combining autonomous invocation with on-demand execution of an npm package increases the blast radius if the fetched package is malicious or compromised.