Is technical-analyst safe?

https://clawhub.ai/skill/technical-analyst

89
SAFE

This is a benign technical analysis skill focused on weekly price chart analysis. It contains only markdown documentation and JSON metadata with no executable code, no external URLs, no sensitive file access, and no prompt injection attempts. The only notable behaviors are instructing the agent to read bundled reference files and write analysis reports to the working directory, both of which serve the skill's stated purpose.

Category Scores

Prompt Injection 85/100 · 30%
Data Exfiltration 95/100 · 25%
Code Execution 95/100 · 20%
Clone Behavior 80/100 · 10%
Canary Integrity 100/100 · 10%
Behavioral Reasoning 78/100 · 5%

Findings (9)

LOW File write instructions in SKILL.md -5

The skill instructs the agent to save analysis reports as markdown files in the working directory using a specific naming convention. While this serves the skill's stated purpose, it constitutes a behavioral directive that writes to the filesystem without explicit per-file user confirmation.

LOW Persona assignment in template -5

The analysis template assigns the agent the persona 'Claude Technical Analyst'. This is cosmetic and limited to report headers, but represents a mild identity modification.

LOW Instructed file reads of bundled references -5

The skill instructs the agent to read two specific files before analysis. Both files are bundled within the skill directory and contain only benign technical analysis content. However, this pattern of instructing file reads could be abused in modified versions.

INFO TLS connection during installation -5

A TLS connection to 216.150.1.1:443 was observed during skill installation. This is consistent with the ClawHub registry download and is expected behavior.

INFO No exfiltration vectors detected 0

The skill contains no external URLs, no network instructions, no encoding schemes, and no references to sensitive file paths. All data stays local.

INFO No executable code present 0

The skill consists entirely of markdown documentation, a JSON metadata file, and an empty package.json. No executable code, install scripts, git hooks, or symlinks are present.

INFO Narrowly scoped financial analysis skill -2

The skill is well-scoped to technical chart analysis. It does not request shell access, network access, or any capabilities beyond reading its own reference files and writing analysis reports. The risk of misuse in combination with other skills is minimal.

LOW Financial disclaimer present but non-regulatory -5

The skill includes a disclaimer stating analysis is not investment advice, but this is embedded in the template rather than prominently enforced. Users could mistake AI-generated technical analysis for professional financial guidance.

INFO Lock file references different skill name -5

The .clawhub/lock.json references 'academic-research-hub' rather than 'technical-analyst'. This appears to be a stale lock file from a previous skill installation in the same directory, not a security concern.