Skill v1.1.1

ClawScan security

Investment Multi-Agent Decision System · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Benign (Apr 29, 2026, 3:28 PM)
Verdict: benign
Confidence: high
Model: gpt-5-mini
Summary
The skill's code, network access, and filesystem writes are consistent with an investment-analysis CLI: it fetches quotes from Tencent, generates reports under a user workspace, and does not request secrets or unrelated privileges — minor documentation/whitelist inconsistencies exist but do not indicate malicious intent.
Guidance
This skill appears internally consistent with its stated purpose (fetch market quotes from Tencent and produce local analysis reports). Before installing:
1) Inspect scripts/install.sh to confirm it only creates the workspace and pip-installs requirements; run it in a Python virtualenv.
2) Note that financial figures are largely estimated (docs and code state that some metrics are approximations) — do not treat outputs as audited financials.
3) SKILL.md allowed_domains lists qt.gtimg.cn but code also uses web.ifzq.gtimg.cn (Tencent subdomain); confirm you are comfortable allowing those endpoints.
4) Because the skill writes to ~/.openclaw/workspace/investment/, review generated reports/watchlist files for sensitive content.
5) If you plan to run it often, ensure network access policy and platform permissions match your privacy expectations.
Overall: safe to run for local analysis after the checks above; the inconsistencies are documentation/versioning sloppiness rather than signs of malicious behavior.

Review Dimensions

Purpose & Capability
[note] The skill's name/description (multi-agent investment analysis) matches the provided scripts: realtime quote fetching, financial-data estimation, 8-analyst voting, and report generation. No unexpected credentials or unrelated binaries are requested. Minor incoherences: README/CHANGELOG still reference AKShare and (in earlier versions) other data sources; config and some docs mention 'eastmoney' or push2.eastmoney.com in places even though the current code and SKILL.md claim to have standardized on Tencent. These are documentation/versioning sloppiness rather than functional mismatches.
Instruction Scope
[note] SKILL.md instructs installing and running the included Python scripts, which only read/write under ~/.openclaw/workspace/investment/ and perform HTTPS requests to market data endpoints. That scope aligns with the stated purpose. Small mismatch: SKILL.md's security.allowed_domains lists only qt.gtimg.cn, but the code (financial_data.get_kline_data) also calls https://web.ifzq.gtimg.cn (a Tencent subdomain). This is related to the same vendor but the domain is not enumerated in allowed_domains in SKILL.md — worth correcting. The documentation still contains AKShare examples, but runtime code uses requests and parsing; SKILL.md also sets background_tasks: false and system_commands: false, and the code does not appear to covertly perform system commands or external data exfiltration.
Install Mechanism
[note] There is no platform install spec, but an included scripts/install.sh exists and the repository contains requirements.txt (requests, beautifulsoup4). The install script is typical (creates workspace, installs Python deps). This writes files to the user's home workspace (expected). Review install.sh before running; it is the only file that would perform system changes during install and should be inspected for unexpected behavior.
Credentials
[ok] The skill declares no required environment variables or credentials. The code does not attempt to read secrets or external credentials; network access is only used to fetch market/quote data. File writes are limited to ~/.openclaw/workspace/investment/ (reports, watchlist), which is appropriate for this utility.
Persistence & Privilege
[ok] The skill is not always-enabled and does not request elevated privileges. It writes only to its own data directory and does not attempt to modify other skills or global agent configuration. SKILL.md declares background_tasks: false; monitor.py exists for on-demand checks, but there is no evidence the skill autonomously registers persistent background services.