Skill v0.1.3

ClawScan security

Yingmi Skill · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Review · Apr 14, 2026, 1:59 AM
Verdict: Review
Confidence: medium
Model: gpt-5-mini
Summary
The skill's functionality (financial queries via a CLI) is plausible, but the runtime instructions ask you to install a third‑party global npm CLI, provide a phone number + SMS verification (which yields an apiKey stored locally), and run remote checks — none of which are declared as required credentials/config in the registry metadata, so the package's actual operational needs are not fully disclosed and may expose PII or require risky installs.
Guidance
Before installing or using this skill, note these points: (1) The skill will ask you to install a global npm package (yingmi-skill-cli) and may ask you to run sudo if permissions fail — avoid running sudo on unreviewed code. (2) The CLI initialization flow requests your phone number and an SMS verification code and will write an apiKey to ~/.yingmi-skill-cli/config.json — you are sharing PII and granting the CLI persistent credentials. (3) The registry metadata does not declare the apiKey/phone requirement or provide a homepage/repository link, so the operational details are not fully transparent. Recommended actions: verify the npm package and its source (find the package on npm/Gitee/GitHub, inspect the repository and package contents), avoid global sudo installs (consider a sandbox/container or a local install), review the CLI code for data exfiltration, and only provide phone/SMS codes if you trust the publisher and have validated the upstream repository and privacy policy. If you cannot validate the package source, do not proceed.

Review Dimensions

Purpose & Capability
Concern: The skill claims to provide finance data/analysis via a CLI (yingmi-skill-cli), which is coherent in general. However, the registry metadata declares no credentials/config required, while the SKILL.md requires a CLI-initialized apiKey (obtained via phone + SMS verification) and writes config to ~/.yingmi-skill-cli/config.json. That mismatch (undisclosed apiKey/PII requirement) is unexpected and should have been declared.
Instruction Scope
Concern: Runtime instructions direct the agent (and/or user) to install/upgrade a global npm package, run CLI commands that read/write local config, request the user's phone number and SMS verification code, and then proceed to use the CLI to call remote MCP tools. Collecting phone numbers/SMS codes and storing an apiKey are sensitive operations and are not surfaced in the skill metadata. The instructions also permit use of sudo for npm install, which elevates risk if the package is untrusted.
Install Mechanism
Note: There is no registry install spec (skill is instruction-only), but the SKILL.md recommends npm install -g yingmi-skill-cli@latest from https://registry.npmmirror.com and suggests sudo if permissions fail. The check-upgrade script fetches a remote 'version' file from gitee raw URLs via curl. Using npm global installs and remote curl pulls is expected for a CLI-backed skill, but it increases risk because arbitrary code from the npm package or remote repo will run on the user's system; the documentation does not point to an official, reviewable homepage or repository in the registry metadata.
Credentials
Concern: The skill metadata declares no required credentials/env vars, yet the runtime flow produces and consumes an apiKey (written to ~/.yingmi-skill-cli/config.json) and requires the user to supply a phone number and SMS verification code. Requesting PII and an apiKey without declaring it is disproportionate and reduces transparency. Also, recommending global installation (and sudo) can require elevated privileges that are not justified in the registry entry.
Persistence & Privilege
Note: always:false and the skill does not request forced platform presence. However, the skill instructs installing a global CLI and initializing a persistent local config (including an apiKey) in the user's home directory. That creates persistence and modifies the system environment outside the agent; this is expected for a CLI-based integration but is a material privilege and should be considered before installation.