Skillv1.0.0

ClawScan security

finance-daily-report · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

ReviewMar 14, 2026, 9:49 AM

Verdict: Review
Confidence: medium
Model: gpt-5-mini
Summary: The skill mostly matches its stated purpose (daily finance reports) but contains several mismatches and risky behaviors — e.g., undisclosed required API keys, scripts that write to shell rc and register cron jobs, and inconsistent paths — so proceed only after review and containment.
Guidance: What to consider before installing: - This skill will call external LLM services (DashScope and a Volcengine endpoint) and expects API keys (DASHSCOPE_API_KEY, optional DOUBAO_API_KEY). The registry did not declare these required credentials — verify and only supply keys you trust for these services. - The provided setup script may append those API keys into your shell rc (e.g., ~/.bashrc or ~/.zshrc). If you don't want keys persisted to shell files, do not accept the automatic prompt; instead set keys in an isolated environment or container. - The skill will register a scheduled cron job via openclaw cron add to run daily and write report files into a workspace (scripts reference both $HOME paths and /root paths inconsistently). Confirm which user account and path will be used (avoid running as root if unnecessary). - The skill fetches data from many external websites and sends content to third-party LLM endpoints. Review the endpoints (coding.dashscope.aliyuncs.com and ark.cn-beijing.volces.com) and the privacy implications of sending scraped content to those services. - If you are not comfortable granting file-write/cron-modification/network egress, run this skill in an isolated environment (dedicated non-root user, container, or VM) and inspect/modify scripts before use. - Ask the author to: (1) explicitly declare required env vars and primary credential in registry metadata, (2) avoid automatically writing to shell RC (or at least prompt and produce a one-line instruction the user can run manually), and (3) unify workspace paths and document where files and cron jobs are created. - If you want help: I can extract the exact places the scripts write files and the exact HTTP endpoints they call, or produce a safe installation checklist (e.g., steps to run in a container and verify behavior) before you enable this skill.

Review Dimensions

Purpose & Capability: noteThe skill claims to use 'external LLM collectors' and the code indeed calls external model endpoints (DashScope / Volcengine). That capability is consistent with generating structured finance reports. However the registry metadata lists no required environment variables or primary credential while multiple scripts rely on DASHSCOPE_API_KEY and DOUBAO_API_KEY; this omission is an incoherence that reduces transparency.
Instruction Scope: concernRuntime instructions and scripts do more than text-generation: they spawn a subagent, read and write skill/workspace files, call many external URLs, call external LLM APIs, and the setup script will read and may append API keys into the user's shell RC. The SKILL.md also instructs automatic cron registration via openclaw cron add. These actions go beyond pure formatting/reporting and involve modifying user environment and network egress.
Install Mechanism: okThere is no external install spec or arbitrary download; the skill is instruction-plus-local-scripts only. No remote code fetch/install step detected in the manifest. The risk comes from what the provided scripts do at runtime, not from an installer.
Credentials: concernAlthough registry metadata claims 'required env vars: none', the scripts expect DASHSCOPE_API_KEY (primary) and optionally DOUBAO_API_KEY, and they attempt to read/write shell RC files to persist keys. The skill also assumes/uses workspace paths (defaults include /root/.openclaw/workspace and references to ~/openclaw-workspace) — inconsistent and potentially privileged. Requesting LLM API keys and writing them into shell config is sensitive and not declared.
Persistence & Privilege: concernThe setup script and SKILL.md will register an automated OpenClaw cron job to run daily and the skill's manage scripts write/modify the workspace config file. While always:false (not force-enabled), the skill modifies user cron and shell RC (persistent system/user state) and will run autonomously per schedule; this elevates blast radius if misused.