Skill v0.1.1

ClawScan security

Skill · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Suspicious · Feb 17, 2026, 10:44 AM

Verdict: suspicious
Confidence: medium
Model: gpt-5-mini
Summary
The skill generally matches its M&A due-diligence purpose and runs local Python scripts to fetch/parse PDFs and produce Excel reports, but there are small inconsistencies (notably an undeclared EDINET API key requirement and an uncommon 'uv' install path) that merit attention before installing.
Guidance
What to consider before installing:

- Functionality: The code and instructions match the advertised M&A/valuation purpose (fetch EDINET filings, parse PDFs, calculate metrics, export Excel).
- EDINET API key: If you want the skill to auto-download filings, you must provide an EDINET_API_KEY in your environment. The skill metadata did not declare this requirement — expect the fetch script to fail if the key is missing. Only provide that key if you trust the skill and run it in a controlled environment.
- Packages/install: The skill installs standard Python libraries (httpx, pdfplumber, openpyxl). The installer uses 'uv' by default, but pip3 is an alternative; if you prefer, install the dependencies yourself with pip3 in a virtualenv.
- Data handling & network: The scripts will access the network (the EDINET API and download URLs) and will read any PDFs you supply. Do not upload sensitive non-public documents you don't want processed or stored. The code prints downloaded file paths and writes files to the specified output directory.
- Safety steps: Inspect the three Python scripts yourself (they are short and readable). Run them in an isolated environment (Python venv or container) and avoid giving them unrelated credentials. If you need automatic EDINET fetches, consider creating a restricted API key and monitoring network activity.
- If unsure: If you want to avoid any external network calls, use Option A/B (paste data or upload PDFs) rather than enabling the EDINET auto-fetch path.

Overall: the skill appears coherent for its purpose but has a notable metadata/instruction mismatch (undeclared EDINET_API_KEY) and uses an uncommon installer wrapper; verify these items and run it in a sandbox if you have security concerns.

Review Dimensions

Purpose & Capability
ok
Name/description (M&A due diligence, PDF parsing, valuation) aligns with the shipped artifacts: Python scripts for EDINET download, PDF parsing (pdfplumber), and Excel export (openpyxl). Required binaries (python3) and Python packages (httpx, pdfplumber, openpyxl) are appropriate for the stated tasks.
Instruction Scope
note
Runtime instructions are explicit and confined to the skill's scope: collecting public filings (EDINET / the Official Gazette, 官報), extracting text from PDFs, structuring financial statements, calculating metrics, and producing reports/Excel. The scripts read/write files under the skill directory or a user-specified output directory and perform network calls to the EDINET API. The SKILL.md and scripts reference an environment variable EDINET_API_KEY for automatic fetching; this env var is used directly by the scripts (fetch_edinet.py) but is not declared in the skill's top-level requirements metadata.
Install Mechanism
note
The install spec uses 'uv' to install Python packages (httpx, pdfplumber, openpyxl). This is not an arbitrary URL download — the packages are normal PyPI libraries — but 'uv' is an uncommon installer wrapper; the skill also accepts pip3 as an alternative (anyBins). No remote, unreviewable executables or URL shorteners are used, and no archives from personal servers are fetched.
Credentials
concern
The skill metadata declares no required environment variables, yet both SKILL.md and the scripts reference EDINET_API_KEY: fetch_edinet.py will exit with an error if EDINET_API_KEY is unset. This undeclared credential requirement is a mismatch. Aside from that, no other secrets or unrelated credentials are requested — per the code, network access is limited to EDINET and public filing sites.
Persistence & Privilege
ok
The skill does not request permanent system presence (always: false). It does not modify other skills or system-wide settings. It runs scripts locally and can be invoked by the model (disable-model-invocation is false, which is normal).