Skill v1.0.0
ClawScan security
Mx Select Stock · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Suspicious · Mar 14, 2026, 4:56 AM
- Verdict: suspicious
- Confidence: medium
- Model: gpt-5-mini
- Summary: The skill's runtime instructions are coherent for a Meixiang stock‑screening integration, but the package metadata omits the MX_APIKEY and curl requirements, and the source/homepage is unknown. The mismatch between declared and actual requirements, combined with the lack of provenance, is the concern.
- Guidance: Before installing, check the following.
  - (1) SKILL.md requires an API key (MX_APIKEY) and curl, but the skill metadata declares neither. Ask the publisher to correct the metadata so that the use of a secret is visible before you install.
  - (2) The skill will send your MX_APIKEY to https://mkapi2.dfcfs.com; only provide a key if you trust Meixiang and that domain.
  - (3) No homepage or verified source is listed; prefer skills with clear publisher pages or docs.
  - (4) The skill is instruction-only (no install step), so nothing is written to disk on install, but at runtime it will make outbound HTTP requests.
  - If you proceed: obtain the API key from an official Meixiang or skill page, test with a limited or test key first, and rotate the key when you later remove the skill. If the publisher cannot justify the missing metadata (MX_APIKEY and curl), treat the omission as a red flag.
Review Dimensions
- Purpose & Capability (note): The SKILL.md describes a Meixiang (妙想) stock‑screening integration, and the described API calls match the stated purpose. However, the registry metadata declares no required environment variables or binaries, while the instructions explicitly require an API key (MX_APIKEY) and curl: an inconsistency between claimed requirements and actual needs.
- Instruction Scope (ok): Instructions are narrowly scoped to forming a JSON query, POSTing it to the stated endpoint (https://mkapi2.dfcfs.com/finskillshub/api/claw/stock-screen), parsing the JSON response, and converting the results to CSV and column docs. The instructions do not direct the agent to read unrelated local files or to send data to any other endpoint. The one scope issue is that the conversion scripts are unspecified (left for the agent to implement), which grants implementation freedom but not clearly excessive privilege.
- Install Mechanism (ok): There is no install spec and there are no code files (instruction‑only), so nothing is written to disk by an installer; install risk is low. Note that SKILL.md expects curl to be available while the registry lists no required binaries. This is a metadata omission rather than an active install risk.
- Credentials (concern): The runtime instructions require a single API credential (MX_APIKEY) passed in an HTTP header, which is proportionate to the service. But the skill metadata incorrectly lists no required env vars or primary credential. This mismatch can hide the fact that a secret (your MX_APIKEY) will be sent to mkapi2.dfcfs.com, and the skill declares no owner homepage against which to verify where API keys should be obtained.
- Persistence & Privilege (ok): The skill is not always-enabled, requests no filesystem config paths, and does not modify other skills or system settings. Autonomous model invocation is allowed (platform default) but is not combined with broad credentials or persistent privileges.
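The mismatch the report keeps returning to (runtime needs MX_APIKEY and curl, and sends the key to mkapi2.dfcfs.com, while the metadata declares none of it) is mechanically checkable before install. The Python below is an added example, not ClawHub's scanner and not the skill's own code: it pulls environment variables, well-known binaries and outbound hosts out of a SKILL.md and diffs them against the registry metadata, producing findings of the same shape as the review dimensions above. The SKILL.md excerpt and both metadata dicts are constructed for the example from the facts in this report; the header name X-API-KEY, the metadata field names (env, bins, homepage) and the placeholder homepage URL are assumptions.

```python
import re
from dataclasses import dataclass
from urllib.parse import urlparse

# Constructed SKILL.md excerpt for this example. It mirrors what the report
# says the real file requires (MX_APIKEY, curl, one POST endpoint); the
# header name X-API-KEY is an assumption, the report only says "a header".
SKILL_MD = r"""
# Mx Select Stock

Set MX_APIKEY to your Meixiang API key before use.

Build the screen as JSON and submit it with curl:

    curl -s -X POST https://mkapi2.dfcfs.com/finskillshub/api/claw/stock-screen \
      -H "Content-Type: application/json" \
      -H "X-API-KEY: $MX_APIKEY" \
      -d @query.json

Parse the JSON response and convert the rows to CSV.
"""

# Registry metadata as the report describes it: nothing declared, no homepage.
# The field names are assumptions for this example, not ClawHub's schema.
METADATA_AS_PUBLISHED = {"env": [], "bins": [], "homepage": None}

# What a corrected listing would look like (homepage is a placeholder).
METADATA_CORRECTED = {
    "env": ["MX_APIKEY"],
    "bins": ["curl"],
    "homepage": "https://example.invalid/mx-select-stock",
}


@dataclass(frozen=True)
class Finding:
    kind: str      # env | bin | host | provenance
    severity: str  # concern | note
    detail: str


ENV_REF_RE = re.compile(r"\$\{?([A-Z][A-Z0-9_]+)\}?")  # $VAR or ${VAR}
# Upper-case names that look like secrets even when not written as $VAR.
SECRET_NAME_RE = re.compile(r"\b([A-Z][A-Z0-9_]*(?:KEY|TOKEN|SECRET|PASSWORD))\b")
URL_RE = re.compile(r"https?://[^\s\"'<>)\]]+")
KNOWN_BINS = ["bash", "curl", "jq", "node", "python", "python3", "sh", "wget"]
# A tool name at the start of a command, after whitespace, or after a pipe.
BIN_RE = re.compile(r"(?:^|\s|\|)(" + "|".join(KNOWN_BINS) + r")\b", re.M)


def extract_env(text: str) -> set[str]:
    """Names the instructions expect in the environment, secrets included."""
    return set(ENV_REF_RE.findall(text)) | set(SECRET_NAME_RE.findall(text))


def extract_bins(text: str) -> set[str]:
    """Well-known command-line tools the instructions invoke."""
    return set(BIN_RE.findall(text))


def extract_hosts(text: str) -> set[str]:
    """Hosts that will receive outbound requests, and therefore any secret."""
    hosts = {urlparse(u).hostname for u in URL_RE.findall(text)}
    return {h for h in hosts if h}


def audit(skill_md: str, metadata: dict, trusted_hosts=frozenset()) -> list[Finding]:
    """Diff what SKILL.md actually needs against what the registry declares."""
    findings = []
    for name in sorted(extract_env(skill_md) - set(metadata.get("env", []))):
        findings.append(Finding("env", "concern",
                                f"{name} is used at runtime but not declared as a required env var"))
    for tool in sorted(extract_bins(skill_md) - set(metadata.get("bins", []))):
        findings.append(Finding("bin", "note", f"{tool} is required but not declared as a binary"))
    for host in sorted(extract_hosts(skill_md) - set(trusted_hosts)):
        findings.append(Finding("host", "note", f"runtime sends requests (and any key) to {host}"))
    if not metadata.get("homepage"):
        findings.append(Finding("provenance", "note", "no homepage or verified source listed"))
    return findings


def verdict(findings: list[Finding]) -> str:
    """An undeclared secret alone is enough to mark the skill suspicious."""
    if any(f.severity == "concern" for f in findings):
        return "suspicious"
    return "review" if findings else "ok"


if __name__ == "__main__":
    found = audit(SKILL_MD, METADATA_AS_PUBLISHED)
    for f in found:
        print(f"[{f.severity}] {f.kind}: {f.detail}")
    print("verdict:", verdict(found))
```

Run against the as-published metadata this reports the same four points the review raises (undeclared MX_APIKEY, undeclared curl, outbound host mkapi2.dfcfs.com, no homepage); with the corrected metadata and the host added to a trusted list it reports nothing. The env-var heuristic is deliberately broad (any $VAR reference or secret-looking upper-case name), because a false positive costs a glance while a missed secret is exactly the failure the report describes.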
