Skillv1.0.0

ClawScan security

股票交易下单买卖和查询。 · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

ReviewApr 6, 2026, 7:25 AM

Verdict: Review
Confidence: medium
Model: gpt-5-mini
Summary: The skill's instructions match its trading purpose (it issues HTTP calls to a local trading helper) but it omits clear credential handling, directs you to install a third‑party program from an unverified site, and — combined with the platform allowing autonomous invocation — could perform real trades without clear safeguards.
Guidance: This skill will call a local trading service to execute real buy/sell orders. Before installing or enabling it: 1) Do not install or run software from gp998.com unless you can verify its trustworthiness and source (prefer vendor with clear reputation and audited code). 2) Confirm where your brokerage credentials/API keys are stored (the skill examples use an X-API-Key but the skill does not declare credentials) and never paste live keys into untrusted software. 3) Disable autonomous invocation or require explicit user confirmation for any trade — otherwise the agent could place orders without your prompt. 4) If you test, use a sandbox/paper‑trading environment only. 5) If you must proceed, inspect and control the local trading helper (network access, logs, and what it transmits), and monitor account activity closely. If you are unsure about the external helper or credential handling, do not enable this skill.

Review Dimensions

Purpose & Capability: noteName/description describe trading (place orders, query positions/account, cancel orders) and the SKILL.md shows curl examples to a localhost API which is consistent with a skill that proxies a local trading helper. Requiring curl only is proportional. However, the skill also instructs users to download a third‑party '股票智能交易助手' from https://www.gp998.com (external software), which is not part of the skill package and raises questions about provenance and whether that external component is actually required/trusted.
Instruction Scope: concernThe runtime instructions tell the agent to POST/GET to http://localhost:8888 endpoints and include an X-API-Key header. The SKILL.md implicitly depends on a separate local service that will hold brokerage credentials and perform real trades. The instructions do not require or document how API keys/credentials are supplied securely, nor do they mandate explicit user confirmation before trading. They also advise installing external software from an unvetted site (gp998.com). These factors expand the scope to potentially controlling real finances with little built-in guardrails.
Install Mechanism: noteThere is no install spec in the skill (instruction-only), which is low risk by itself. However, the documentation instructs users to download and install a third‑party trading helper from a specific URL and provides contact QQ — that instruction effectively delegates installation to an unverified external site. The skill itself does not install code, but it depends on external software whose safety and integrity are unknown.
Credentials: concernThe skill declares no required environment variables or primary credentials, yet all example requests include an X-API-Key header (defaulting to 'test-api-key-12345'). This is an incoherence: a trading skill that places orders should clearly declare how credentials are obtained/stored. The lack of declared credentials means the agent or user might need to configure secrets elsewhere (e.g., in the local trading helper), and those secrets could be used to execute financial transactions. Asking users to install external software further obscures where credentials live.
Persistence & Privilege: notealways:false and disable-model-invocation:false (normal). On its own this is acceptable, but because the skill can place trades, the combination of autonomous invocation with no explicit confirmation steps or declared safeguards increases risk. The skill does not request system-wide privileges or modify other skills.