Skill v1.0.0

ClawScan security

finstep-tools · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Suspicious · Mar 11, 2026, 12:19 PM
Verdict
suspicious
Confidence
medium
Model
gpt-5-mini
Summary
The skill mostly does what it says (calls a remote FinStep MCP API) but the package metadata omits the required API signature environment variable and the scripts send a sensitive signature to an external, unverified domain (risk of credential exposure).
Guidance
Before installing or running this skill: (1) recognize it requires an API signature (FINSTEP_SIGNATURE) even though the registry metadata does not list it—do not paste secrets into the chat; (2) verify you trust the external domain (http://fintool-mcp.finstep.cn) and the skill publisher before providing the signature; (3) prefer to supply tokens via a secure credential manager rather than pasting them into shells if possible; (4) be aware the scripts include the signature in the request URL (query parameter), which can leak in logs or referrers—ask the provider to use an Authorization header if you need stronger secrecy; (5) if you cannot verify the service/operator, treat this skill as higher risk and avoid providing real credentials.

Review Dimensions

Purpose & Capability
note
The name/description match the included scripts and the declared API endpoints—scripts implement search, quote, plates, company, macro and common functions against an external FinStep MCP service, which is coherent with the stated purpose.
Instruction Scope
ok
SKILL.md instructs the agent to ask the user for an API signature and run local bash scripts; the scripts only call the external JSON-RPC endpoints and do not read unrelated files or other system secrets.
Install Mechanism
ok
No install spec or external downloads are present; all scripts are included in the skill bundle (no network installation). This minimizes install-time risk.
Credentials
concern
The runtime scripts require a sensitive FINSTEP_SIGNATURE environment variable (used via parameter expansion and mandatory in every script), but the registry metadata lists no required env vars—this mismatch is misleading. The signature is transmitted in URL query parameters to http://fintool-mcp.finstep.cn, which can expose the secret in logs or Referer headers; the external domain is not verified in the package metadata.
Persistence & Privilege
ok
The skill is not always-enabled, does not request system-wide changes, and does not modify other skills or system config; autonomous invocation is allowed (platform default) but not combined with elevated privileges here.