Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
my_stock_tradeagents_rebuild_skill
v1.0.3
Triggered only when the user explicitly requests "rebuild tradeagents" or a closely related instruction. Its main function is to recreate and activate a Python virtual environment in the ~/TradingAgents directory, install the package and its dependencies, and finally summarize the changes and push them to the remote repository.
by @canonxu
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan (OpenClaw): Suspicious, high confidence

Purpose & Capability
The SKILL.md behavior (cd ~/TradingAgents, rm -rf venv, python3.13 -m venv, pip install ., git add/commit/push) is consistent with the described purpose, but metadata and declarations are inconsistent: skill.json's description references conda while SKILL.md uses venv, skill.json slug/author differ from registry owner, version numbers mismatch, and the skill declares no required binaries even though it relies on python3.13, git, and shell utilities. These mismatches are unexplained and reduce trust.
Instruction Scope
Instructions perform destructive local actions (rm -rf venv) and repository-wide operations (git add .; git commit; create branch; git push) automatically with no safety checks, diffs, or user confirmation beyond the initial trigger phrase. This can commit and push any files in ~/TradingAgents (including secrets/configs) to the remote. The SKILL.md requires operations be within ~/TradingAgents, which limits scope, but there are no additional safeguards.
Install Mechanism
Instruction-only skill with no install spec or code files — lowest install risk. The scanner had no files to analyze. However, absence of an install spec means required runtime binaries (python3.13, git) are assumed available but not declared.
Credentials
The skill declares no required environment variables or credentials, yet it will push to a Git remote — which requires authentication (SSH keys, credential helpers, or stored tokens). The skill also assumes python3.13 exists. Not declaring these requirements is disproportionate and hides the fact that repository contents (potentially sensitive) may be transmitted to a remote server.
Persistence & Privilege
The skill sets always:false and does not request persistent privileges or attempt to modify other skills or global agent settings. Autonomous invocation is allowed (platform default); while not flagged on its own, combined with the automatic commit/push behavior this increases the potential blast radius.
What to consider before installing
Before installing or invoking this skill:
(1) Note the inconsistencies in packaging (skill.json vs SKILL.md and owner/slug/version mismatches) and ask the publisher to clarify.
(2) Understand that the skill will run rm -rf venv, build/install packages, then git add/commit and push everything in ~/TradingAgents without further confirmation; audit the repo for secrets and make backups/clones first.
(3) Ensure python3.13 and git are present and your Git authentication is configured (or expect pushes to fail, or to occur using existing credentials).
(4) If you want safer behavior, request that the skill be changed to prompt for confirmation before committing/pushing, show a git diff/status, and declare required binaries and credential usage explicitly.
If any of the inconsistencies or the automatic push behavior is unacceptable, do not install or run this skill.
