Stock Daily Report

Security checks across malware telemetry and agentic risk

Overview

The skill mostly matches its stock-report purpose, but it includes optional unattended Feishu message sending that needs careful review before use.

Install only if you want a stock report tool that may also be configured to send reports through Feishu. Review install.sh before running it, especially because it can use sudo and download dependencies. Do not run schedule_push.py or add the Feishu cron entry until you have checked the recipient target and confirmed which openclaw messaging account will be used; avoid scheduling push delivery if you only want local reports.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Rogue Agent: Self-Modification, Session Persistence
  • Behavioral AST: exec() Call, eval() Call, Dynamic Import
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
Findings (9)

subprocess module call

Medium
Category
Dangerous Code Execution
Content
if os.path.exists(image_file):
    # Push using the openclaw message command
    # Note: --target specifies the recipient; here the current session's user is used
    message_result = subprocess.run(
        ["openclaw", "message", "send",
         "--channel", "feishu",
         "--target", "ou_xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx",  # Replace with the actual user ID
Confidence
86% confidence
Finding
message_result = subprocess.run( ["openclaw", "message", "send", "--channel", "feishu", "--target", "ou_xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx", # Replace with the actual user ID

Lp3

Medium
Category
MCP Least Privilege
Confidence
84% confidence
Finding
The documentation describes capabilities that include network access, file read/write, and shell execution, but no permissions are declared. This creates a transparency and consent failure: users may install or run the skill without understanding that it can fetch remote data, write files, invoke installation scripts, and potentially interact with the host environment.

Tp4

High
Category
MCP Tool Poisoning
Confidence
93% confidence
Finding
The skill is presented as a report generator, but the documentation also describes unattended scheduling and pushing generated content to Feishu via messaging tooling. That behavioral mismatch is security-relevant because it hides outbound communication and automation features that can exfiltrate generated data or operate without direct user initiation.

Description-Behavior Mismatch

Medium
Confidence
92% confidence
Finding
The file goes beyond generating a daily stock report and automatically prepares content for outbound delivery to Feishu. In skill environments, hidden or undocumented data egress increases risk because users may not expect generated artifacts to be transmitted to external services.

Context-Inappropriate Capability

Medium
Confidence
93% confidence
Finding
Invoking an external CLI to send Feishu messages adds a communication channel unrelated to the minimal task of producing reports. This expands the attack surface and can be abused to transmit sensitive or misleading content if the surrounding environment or downstream generation logic is compromised.

Missing User Warnings

Medium
Confidence
89% confidence
Finding
The README explicitly instructs users to run `bash install.sh`, and states that the script will install Python packages, system fonts, and download Chromium, but it does not clearly warn about system-wide changes, network access, disk usage, or the trust implications of executing a shell script from the skill. In an agent-skill context, encouraging blind execution of installer scripts increases supply-chain and host-modification risk, especially because the script can perform arbitrary actions beyond the summarized list.

Missing User Warnings

Medium
Confidence
89% confidence
Finding
The guide instructs users to run install.sh as part of normal installation and update flow, while describing actions such as installing dependencies, system fonts, and pre-downloading Chromium. Even though this is documentation rather than executable code, it normalizes execution of a local shell script that changes the system state without clearly disclosing scope, privileges, network activity, or the need to review the script first, which increases supply-chain and social-engineering risk.

Session Persistence

Medium
Category
Rogue Agent
Content
Edit crontab:
```bash
crontab -e
```

Add (generate at 9:25 on trading days, after the call auction):
Confidence
82% confidence
Finding
crontab -e

Session Persistence

Medium
Category
Rogue Agent
Content
Edit crontab:
```bash
crontab -e
```

Add (generate and push at 9:25 on trading days):
Confidence
90% confidence
Finding
crontab -e

VirusTotal

No VirusTotal findings
