Skill v1.0.0

ClawScan security

Hk LeETF · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Suspicious
Mar 3, 2026, 11:55 PM
Verdict
suspicious
Confidence
medium
Model
gpt-5-mini
Summary
The skill's stated purpose (analyzing HK leveraged ETFs) is plausible, but the runtime instructions reference specific local files and unspecified external data sources without declaring any required credentials or config paths — this mismatch is suspicious and should be clarified before use.
Guidance
Do not install or enable this skill until the author clarifies a few points: (1) Which APIs/endpoints will be used and what credentials (if any) are required? Ask them to declare required env vars or provide placeholders. (2) Why are absolute local paths under /Users/zst referenced? Confirm whether the skill will read files from your machine and, if so, which files exactly; remove or generalize hard-coded paths. (3) Request a description of what data is read/sent externally and where results are posted. If you must test it, run the agent in a sandboxed environment or with a user account that contains no sensitive data. Prefer skills that explicitly declare config paths and required secrets rather than embedding user-specific filesystem paths in SKILL.md.

Review Dimensions

Purpose & Capability
note
Name/description match the SKILL.md analysis goals (holdings, NAV, liquidity, arbitrage). However, the skill names external data sources (HK market API, ETF holdings data, NAV tool) but declares no endpoints, credentials, or config; this is plausible for an instruction-only skill but incomplete. It also lists absolute local project paths that tie the skill to a particular user's environment.
Instruction Scope
concern
SKILL.md explicitly lists local files/paths (/Users/zst/clawd/HK_LEETF_README.md and /Users/zst/clawd/memory/hk_leETF/) as 'related files', which implies the agent should read user-local files. The skill does not declare those config paths or explain what data will be read. Instructions are otherwise high-level (fetch market data, compute deviations) but leave unspecified which APIs/endpoints or credentials to use.
Install Mechanism
ok
No install spec and no code files (instruction-only). This is low risk for arbitrary code installation because nothing is written to disk by an installer.
Credentials
concern
The skill declares no required environment variables or credentials, yet describes use of market APIs and data sources which commonly require API keys. It also references absolute user-local paths (suggesting access to files under /Users/zst) without declaring required config paths or explaining why those specific user files are necessary.
Persistence & Privilege
note
The skill is not 'always: true' and is user-invocable (normal). However, because the instructions imply reading user-local files, allow-listing or autonomous invocation would increase the risk of unintended local data access. No evidence the skill modifies other skills or system settings.