Skill v1.0.0

ClawScan security

Finance Report Assistant · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Reviewed: Mar 15, 2026, 8:33 AM
Verdict: Review
Confidence: medium
Model: gpt-5-mini
Summary
The skill's stated purpose (generate and organize finance reports) matches its instructions, but the runtime doc expects to read files from a Synology NAS and other local materials while declaring no required paths, credentials, or install step. This mismatch, together with the potential access to sensitive financial documents, warrants caution.
Guidance
This skill appears to do what it says (prepare finance reports), but its runtime instructions expect access to files on a Synology NAS and local work folders while declaring no paths or credentials. Before installing or enabling it:

1) Ask the maintainer how the skill accesses files (which paths, how it authenticates to the NAS, whether it uses SMB/AFP/WebDAV/API).
2) Confirm whether any data is sent off-device or to external endpoints, and where drafts or extracted data are stored.
3) Restrict its file access to a dedicated folder with non-sensitive sample data for testing.
4) Prefer to run it with least privilege: do not grant broad filesystem or network access until you verify behavior.
5) If you cannot verify the source (no homepage, unknown owner), treat it as higher risk and test in an isolated environment first.
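Steps 3 and 4 above amount to a containment rule the agent harness can enforce rather than trust: resolve every path the skill asks for and refuse anything that lands outside a dedicated test folder, including `..` traversal, absolute paths, and symlinks that point at a NAS mount. The following is an added example of such a guard written for this review; it is not ClawHub code or part of the skill. `read_in_sandbox` and `resolve_in_sandbox` are hypothetical harness-side functions, and the sandbox root, sample CSV, "payroll" file and symlink in `demo()` are constructed for the demonstration.

```python
"""Added example: confine a skill's file reads to one dedicated folder.

Hypothetical harness-side guard (not ClawHub or skill code). It assumes the
agent runtime routes the skill's file reads through read_in_sandbox(); the
sandbox root, file names and symlink in demo() are constructed for the demo.
"""
import os
import tempfile
from pathlib import Path


class SandboxViolation(PermissionError):
    """Raised when a requested path resolves outside the sandbox root."""


def resolve_in_sandbox(root: Path, requested: str) -> Path:
    """Return the real path of `requested` if it lies under `root`.

    Relative paths are taken relative to root. Symlinks are resolved before
    the containment check, so a link inside the sandbox that points at /etc
    or a mounted NAS share is rejected rather than followed.
    """
    root_real = root.resolve(strict=True)
    candidate = Path(requested)
    if not candidate.is_absolute():
        candidate = root_real / candidate
    target = candidate.resolve(strict=False)  # collapses '..' and symlinks
    try:
        target.relative_to(root_real)
    except ValueError:
        raise SandboxViolation(f"{requested!r} escapes sandbox {root_real}") from None
    return target


def read_in_sandbox(root: Path, requested: str, limit: int = 1 << 20) -> bytes:
    """Read a file the skill asked for, only if it is inside the sandbox."""
    target = resolve_in_sandbox(root, requested)
    if not target.is_file():
        raise FileNotFoundError(requested)
    with open(target, "rb") as fh:
        return fh.read(limit)


def demo() -> dict:
    """Build a throwaway sandbox with constructed sample data and exercise the guard."""
    results = {}
    with tempfile.TemporaryDirectory() as outside, tempfile.TemporaryDirectory() as inside:
        root = Path(inside)
        # Constructed, non-sensitive sample data the skill is allowed to see.
        (root / "Q1_sample.csv").write_text("month,revenue\nJan,100\n")
        # Constructed stand-in for a sensitive file on a NAS share outside the sandbox.
        (Path(outside) / "payroll.xlsx").write_bytes(b"SECRET")
        os.symlink(Path(outside) / "payroll.xlsx", root / "link_to_nas")

        results["inside_ok"] = read_in_sandbox(root, "Q1_sample.csv") == b"month,revenue\nJan,100\n"
        attempts = [
            ("dotdot", "../" + Path(outside).name + "/payroll.xlsx"),
            ("absolute", str(Path(outside) / "payroll.xlsx")),
            ("symlink", "link_to_nas"),
        ]
        for label, path in attempts:
            try:
                read_in_sandbox(root, path)
                results[label] = "read"
            except SandboxViolation:
                results[label] = "blocked"
    return results


if __name__ == "__main__":
    print(demo())
```

The containment check compares resolved real paths rather than string prefixes, which is what defeats both `..` and symlink escapes; a prefix test on the unresolved string would pass `link_to_nas` because it sits inside the folder. A read size limit is applied as well, since a report-drafting skill has no reason to slurp an entire archive.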

Review Dimensions

Purpose & Capability
concern: Name/description (财务汇报整理与撰写, "organizing and writing finance reports") align with the SKILL.md workflow (classify materials, extract directives, draft reports). However, SKILL.md explicitly mentions reading files on a Synology NAS (群晖) and "reading the working folder" (读取工作文件夹) without declaring any required config paths, credentials, or environment variables. This is an incoherence: accessing a NAS normally requires network paths and credentials.
Instruction Scope
concern: The instructions tell the agent to read and classify local/organizational files (leadership directives, operational data, prior materials) and extract sensitive information. They do not specify which folders, how to authenticate to the NAS, or limits on what may be read or transmitted. That lack of precise scope gives the agent broad latitude to access potentially sensitive files.
Install Mechanism
ok: No install spec and no code files (instruction-only). This limits written-to-disk risk; nothing in the manifest attempts to download or install external binaries.
Credentials
concern: The skill requests no environment variables or config paths, yet the runtime instructions require access to a Synology NAS and unspecified local working folders. Either the platform/agent already has file/NAS access (in which case the skill's declaration is incomplete) or the skill will require credentials at runtime. This mismatch is disproportionate and unexplained.
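The Purpose & Capability and Credentials findings both come down to one check: the instruction text implies filesystem or network access that the manifest never declares. That check can be automated as a reviewer-side rule. Below is an added example written for this page, not ClawScan's own logic; the manifest field names (`paths`, `env`, `install`), the indicator patterns, and the SKILL.md excerpt are constructed assumptions that mirror the findings above.

```python
"""Added example: flag runtime access implied by a skill's instructions but
not backed by its manifest. Hypothetical reviewer-side rule, not ClawScan
code; manifest shape, patterns and the SKILL.md excerpt are constructed.
"""
import re

# Each indicator: a pattern over the instruction text, and the manifest field
# that would have to be non-empty to justify what the pattern describes.
INDICATORS = {
    "nas_access": (re.compile(r"\b(synology|nas|smb|afp|webdav)\b|群晖", re.I), "paths"),
    "local_folders": (re.compile(r"work(ing)? folder|工作文件夹|read files?", re.I), "paths"),
    "network_endpoint": (re.compile(r"https?://|api key|token", re.I), "env"),
}


def undeclared_access(manifest: dict, instructions: str) -> list[str]:
    """Return indicator names that fire in `instructions` while the manifest
    field that should back them is missing or empty."""
    findings = []
    for name, (pattern, field) in INDICATORS.items():
        if pattern.search(instructions) and not manifest.get(field):
            findings.append(name)
    return findings


# Constructed manifest mirroring the review: instruction-only, nothing declared.
SKILL_MANIFEST = {
    "name": "Finance Report Assistant",
    "version": "1.0.0",
    "paths": [],      # no required config paths declared
    "env": [],        # no environment variables declared
    "install": None,  # no install spec
}

# Constructed excerpt standing in for the SKILL.md runtime instructions.
SKILL_INSTRUCTIONS = (
    "Read the working folder on the Synology NAS (群晖), classify the materials "
    "(leadership directives, operational data, prior reports), then draft the report."
)


def review_example() -> list[str]:
    """Run the rule over the constructed inputs above."""
    return undeclared_access(SKILL_MANIFEST, SKILL_INSTRUCTIONS)


def review_with_declaration() -> list[str]:
    """Same instructions, but a manifest that declares the NAS path: no finding."""
    declared = dict(SKILL_MANIFEST, paths=["/mnt/finance-share"])  # assumed path
    return undeclared_access(declared, SKILL_INSTRUCTIONS)


if __name__ == "__main__":
    print(review_example())           # ['nas_access', 'local_folders']
    print(review_with_declaration())  # []
```

A rule like this only surfaces the incoherence; it does not tell you how the skill would actually reach the NAS at runtime, which is why the guidance above still asks the maintainer for paths and authentication method before enabling it.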
Persistence & Privilege
ok: The skill is not marked always:true and does not declare autonomous persistence beyond normal agent invocation. There is no evidence it modifies other skills or global agent settings.