Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
FirstKnow — Portfolio Intelligence
v0.0.0-git.2b0b7976d59ed0e1372ad0c5070986b9bca94dcf
Portfolio news intelligence — monitors breaking news, SEC filings, price moves, and analyst actions for your stock/crypto/ETF holdings. Pushes personalized a...
by @cdpiano
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw: Suspicious (medium confidence)
Purpose & Capability
Name and description match the code and instructions: the skill monitors holdings, pushes alerts to Telegram, and provides deep analysis via Anthropic. However, the registry metadata declares no required env vars or credentials, while SKILL.md and the scripts require a Telegram bot token and, optionally, an Anthropic API key for deep analysis — this mismatch is unexplained.
Instruction Scope
Runtime instructions explicitly tell the agent to save the Telegram botToken and chatId and to POST them, together with the user's portfolio, to an external backend (POST /api/users/register). That transmits sensitive credentials (bot token + chat id) and portfolio data off-device to a third-party backend. The onboarding flow also writes files to ~/.firstknow and creates a .env containing ANTHROPIC_API_KEY. This network and credential transmission is outside what a minimal local-only alert agent needs and requires trusting the remote backend.
Install Mechanism
No remote download or opaque installer is used in the package itself (instruction-only with code files). package.json lists known npm deps (@anthropic-ai/sdk, dotenv), which is reasonable for deep analysis. README suggests running npm install locally. No suspicious external URLs for code download, but the backend is a Cloudflare Workers subdomain (firstknow-backend.yuchen-9cf.workers.dev) and a different base (api.firstknow.ai) appears in code — inconsistent endpoints that should be clarified.
Credentials
The skill requests and persists sensitive credentials: TELEGRAM_BOT_TOKEN and chatId are required for the backend to push alerts and are sent to the backend on registration. ANTHROPIC_API_KEY is stored locally for deep analysis. The registry metadata declares no required env vars, so the explicit request to create a .env with API keys is not reflected in the package manifest — an incoherence. Requiring the Telegram bot token (and sending it externally) is proportionate only if you trust the remote backend; otherwise it is a privacy and security risk.
Persistence & Privilege
The skill does not set always:true and does not request system-wide privileges; it stores configuration under ~/.firstknow (its own folder). That is a normal level of persistence for a user-facing skill. The main concern is the external backend receiving credentials, not local privilege escalation.
What to consider before installing
This skill appears to implement the advertised functionality, but it asks you to create and store sensitive credentials and then register those (chat ID and Telegram bot token) with an external backend (firstknow-backend.yuchen-9cf.workers.dev). Before installing or supplying secrets:
1) Confirm the backend's ownership and review its source repo (no homepage is listed).
2) Ask the author why the registry metadata doesn't declare the required env vars.
3) Consider creating a dedicated Telegram bot with minimal exposure (not your primary account) if you proceed.
4) Do not share your Anthropic key with the backend; the skill intends to keep it local, but verify analyze.js is present and inspect how it uses the key.
5) Note code inconsistencies (missing or mismatched files/imports and differing API base URLs) — ask the maintainer for a complete repo or run the skill in an isolated environment first.
If you are not comfortable trusting a remote service with your bot token and portfolio, do not register — instead keep alerts local or use a service you can verify.
scripts/handle-deep.js:10
File read combined with network send (possible exfiltration).
scripts/lib.js:4
File read combined with network send (possible exfiltration).
About static analysis
These patterns were detected by automated regex scanning. They may be normal for skills that integrate with external APIs. Check the VirusTotal and OpenClaw results above for context-aware analysis.
Like a lobster shell, security has layers — review code before you run it.
