Skill v1.0.0
ClawScan security
auto-test-skill · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Suspicious · Apr 30, 2026, 6:48 AM
- Verdict: suspicious
- Confidence: medium
- Model: gpt-5-mini
- Summary: The skill largely matches its stated stock/crypto analysis purpose, but its runtime instructions ask users to harvest browser auth cookies, and the code auto-loads a .env file (potentially exposing other secrets). These mismatches merit caution.
- Guidance: This skill appears to implement the advertised stock/crypto analysis features, but exercise caution before installing or running it:
  1. Do not copy browser cookies or paste AUTH_TOKEN/CT0 into a file unless you understand and accept the risk; prefer official API keys where possible.
  2. Inspect any .env file in the skill/repo root before running; the code will load it automatically and may import unrelated secrets.
  3. Run the skill in a sandbox or VM (or an isolated user account) if you plan to enable social integrations or cron automation.
  4. Verify the 'uv' brew formula source before installing.
  5. If you only need core analysis, avoid installing or using the optional Twitter ('bird') integration and skip commands that ask for browser cookies or global CLI installs.
  If you want more assurance, ask the maintainer to: (a) remove instructions to extract browser cookies, (b) require explicit env var declarations for any credentials, and (c) make .env loading opt-in with an explicit flag.
- Findings
  - [DOTENV_LOAD] expected: hot_scanner explicitly loads a .env file and exports its values into os.environ to enable optional integrations (Twitter). Loading a .env is reasonable for optional auth, but it can accidentally expose unrelated secrets if a .env exists in a parent directory.
  - [BROWSER_COOKIE_INSTRUCTION] unexpected: SKILL.md tells users to extract AUTH_TOKEN and CT0 from browser DevTools cookies. Directing users to harvest browser cookies is unusual and risky; it is not required by core analysis and not declared as a required env var.
  - [NETWORK_REQUESTS] expected: Scripts perform many outbound GET requests to public APIs and RSS feeds (CoinGecko, Google News, Yahoo Finance, SEC), which is expected for a feed/analysis skill.
  - [SUBPROCESS_USAGE] expected: The repo references subprocess usage (e.g., recommending the bird CLI). Invoking third-party CLIs is expected for optional social integrations, but it increases runtime risk if those CLIs are untrusted.
Review Dimensions
- Purpose & Capability
- note: The name/description (stock & crypto analysis, hot scanner, rumor scanner) align with the included Python scripts and external data sources (Yahoo, CoinGecko, Google News, SEC). Requiring the 'uv' runner and providing a brew install for 'uv' is consistent with the example commands. One minor oddity: SKILL.md documents an optional Twitter/X integration that requires browser cookie tokens, but the skill does not declare any required environment variables; that is acceptable if the integration is optional, but worth noting.
- Instruction Scope
- concern: SKILL.md explicitly instructs users to extract AUTH_TOKEN and CT0 from browser DevTools cookies and place them in a .env file for the Twitter integration. The hot_scanner code automatically loads a .env from the repository root and sets those values in os.environ. That guidance (copying browser cookies into a file) is potentially risky and broadens scope beyond the stated analysis task. The instructions also encourage running cron jobs and installing third-party CLIs (bird), which increases the attack surface.
- Install Mechanism
- note: The install spec uses the Homebrew formula 'uv', a low-risk packaged installer compared to arbitrary downloads. No remote archive extraction or unknown URLs are present in the install spec. (If 'uv' is unfamiliar, the user should verify the brew formula source.)
- Credentials
- concern: The skill declares no required env vars, yet the docs and code expect optional credentials (AUTH_TOKEN and CT0 for X/Twitter, and optional Telegram-style notification tokens). The code will also load a project-level .env automatically, potentially pulling in unrelated secrets if one is present. Asking users to copy browser cookies into environment variables is disproportionate to a passive analysis task and risky for credential exposure.
- Persistence & Privilege
- ok: always:false, and the skill does not request system-wide privileges. It creates local cache/skill storage (e.g., a cache dir and ~/.clawdbot/skills/stock-analysis/*.json), which is consistent with the watchlist/portfolio features. There is no evidence it modifies other skills or global agent settings.
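The DOTENV_LOAD finding and the guidance to the maintainer (opt-in loading, explicit credential declarations) describe a loader shape rather than showing one. The following is an added example written for this review, not code from the skill or from ClawHub: it contrasts an auto-loader that walks parent directories and exports every key with a hardened loader that runs only when explicitly enabled, reads one explicit path, exports only the keys the skill declares, and never overrides values the operator already set. The function names, the `DECLARED_OPTIONAL_KEYS` set and the sample .env contents are assumptions constructed for the demonstration; the scanner notes the real skill declares no env vars at all.

```python
"""Opt-in, allowlisted .env loading (added example, not the skill's own code)."""
import tempfile
from pathlib import Path
from typing import Dict, Iterable, MutableMapping, Optional

# Credentials a hardened skill would declare as optional integration inputs.
# Constructed for this example; the reviewed skill itself declares none.
DECLARED_OPTIONAL_KEYS = frozenset({"AUTH_TOKEN", "CT0"})


def parse_dotenv(text: str) -> Dict[str, str]:
    """Parse KEY=VALUE lines; skip blanks and comments, drop an 'export ' prefix and quotes."""
    values: Dict[str, str] = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        if line.startswith("export "):
            line = line[len("export "):]
        key, _, value = line.partition("=")
        key, value = key.strip(), value.strip()
        if len(value) >= 2 and value[0] == value[-1] and value[0] in "\"'":
            value = value[1:-1]
        if key:
            values[key] = value
    return values


def find_dotenv_upwards(start: Path) -> Optional[Path]:
    """The risky behaviour the scanner flags: walk parent directories until any .env is found."""
    for directory in (start, *start.parents):
        candidate = directory / ".env"
        if candidate.is_file():
            return candidate
    return None


def load_env_unsafe(start: Path, environ: MutableMapping[str, str]) -> Dict[str, str]:
    """Auto-load: export every key from the first .env found up the tree, clobbering existing values."""
    found = find_dotenv_upwards(start)
    if found is None:
        return {}
    loaded = parse_dotenv(found.read_text())
    environ.update(loaded)
    return loaded


def load_env_opt_in(
    path: Optional[Path],
    environ: MutableMapping[str, str],
    allowed_keys: Iterable[str] = DECLARED_OPTIONAL_KEYS,
    enabled: bool = False,
) -> Dict[str, str]:
    """Hardened: explicit flag, explicit path (no search), declared keys only, no override."""
    if not enabled or path is None:
        return {}
    if not path.is_file():
        raise FileNotFoundError(f"{path} is not a file")
    allowed = set(allowed_keys)
    loaded = {k: v for k, v in parse_dotenv(path.read_text()).items() if k in allowed}
    for key, value in loaded.items():
        environ.setdefault(key, value)  # keep whatever the operator already exported
    return loaded


def demo() -> Dict[str, Dict[str, str]]:
    """Run both loaders against a constructed layout; return what each left in its environment."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        skill_dir = root / "repo" / "skills" / "stock-analysis"
        skill_dir.mkdir(parents=True)
        # Constructed .env one level above the skill, mixing the skill's optional
        # credentials with secrets that belong to something else entirely.
        (root / "repo" / ".env").write_text(
            "# constructed sample, not real credentials\n"
            "AUTH_TOKEN=sample-auth-token\n"
            'CT0="sample-ct0"\n'
            "AWS_SECRET_ACCESS_KEY=unrelated-secret\n"
            "TELEGRAM_BOT_TOKEN=unrelated-bot-token\n"
        )
        unsafe_env: Dict[str, str] = {}
        load_env_unsafe(skill_dir, unsafe_env)
        safe_env: Dict[str, str] = {"CT0": "operator-set"}
        load_env_opt_in(root / "repo" / ".env", safe_env, enabled=True)
        disabled_env = load_env_opt_in(root / "repo" / ".env", {}, enabled=False)
        return {"unsafe": unsafe_env, "safe": safe_env, "disabled": disabled_env}


if __name__ == "__main__":
    for name, env in demo().items():
        print(name, sorted(env))
```

The unsafe loader finds the parent-directory .env from the skill directory and exports the AWS and Telegram secrets alongside the Twitter cookies; the hardened loader exports only AUTH_TOKEN and CT0, leaves the operator's existing CT0 untouched, and exports nothing unless the caller passed `enabled=True`. A separate `environ` mapping is used instead of `os.environ` so the behaviour can be checked without touching the real process environment.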
