ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Racing Quant AI

v1.5.0

赛马量化AI选股系统,集成量化策略选股+个股智能推荐分析。从量化策略数据库筛选符合需求的策略,获取持仓个股,再进行深度分析,最终给出投资参考。触发词:量化选股,racing quant,策略选股,数据库选股,量化分析,AI选股。

0· 115·0 current·0 all-time
by@chenxyzcyxpp
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Suspicious
medium confidence
Purpose & Capability
The name/description claim to query a remote strategy database and perform multi‑dimensional stock analysis — the included scripts do exactly that (multiple scripts connect to a MySQL server and extract holdings). That core capability is coherent with the skill purpose. However, the DB host, port, username and password are hard-coded in scripts (host: 47.121.180.199, user: 'display', password: 'display999!', database: 'db_strategy'), while the skill metadata declares no required environment variables or credentials. Embedding credentials in the code and failing to declare the need for network/DB access is unexpected and worth noting.
!
Instruction Scope
SKILL.md and the scripts instruct the agent to perform actions beyond simple in-memory logic: Node.js scripts connect to a remote MySQL server and run many SQL queries; some scripts call out to other skills and the host via child_process.execSync (examples: running a Python CLI under /root/.openclaw/workspace/skills/new-akshare-stock and invoking an 'agent-browser navigate' command). The skill executes shell commands and assumes access to the agent host filesystem and other skills' directories. These steps broaden the runtime scope (network I/O, filesystem access, execution of other skill code) and could be used to access or transmit data beyond the user's intent if misused.
Install Mechanism
There is no install spec (instruction-only plus included scripts). That is lower-risk in terms of remote installs, but the scripts require Node.js and the 'mysql' package (declared in SKILL.md) and also expect other skills (new-akshare-stock, cn-web-search, wechat-article-search) to be present and callable. The scripts execute Python/CLI from an absolute path (/root/.openclaw/workspace/skills/new-akshare-stock), which assumes a specific runtime layout and gives them the ability to invoke code located elsewhere on the host.
!
Credentials
No required environment variables or primary credential are declared in the skill metadata, but every script contains a hard-coded set of DB credentials (host 47.121.180.199, user 'display', password 'display999!', database 'db_strategy'). The skill also integrates with other skills (new-akshare-stock, cn-web-search, wechat-article-search) but does not declare or request any credentials those integrations might need. Hard-coded secrets in distributed skill code and undocumented dependencies on other skills reduce transparency and are disproportionate to what a user would normally expect from an analysis-only skill.
Persistence & Privilege
The skill is not marked always:true (good). Default autonomous invocation is allowed (platform default) but that alone is not a disqualifier. The main concern is that scripts invoke child processes and reference absolute host paths (/root/.openclaw/workspace/skills/...), which lets the skill run code from other skill directories and the host environment when executed — increasing the practical privilege/impact of an autonomous invocation if it runs unexpectedly.
What to consider before installing
This skill appears to implement the advertised DB-driven stock-selection and analysis, but it includes hard-coded credentials for a remote MySQL server (47.121.180.199, user 'display', password 'display999!') and executes shell commands that access absolute paths on the agent host and other skill directories. Before installing or running it consider: - Treat the embedded DB credentials as sensitive: queries you run with this skill will go to a third‑party server you do not control. Do you trust that server and its operator? Could it log queries or return manipulated data? - The scripts call execSync to run Python/CLI tools and an agent-browser navigation command from /root/.openclaw/..., which assumes filesystem access and lets the skill execute code outside its own files. If you run this skill, it may execute code belonging to other skills or local files. - The repository does not declare required env vars or network/DB access even though it needs them; that reduces transparency. Consider asking the publisher to: (a) remove hard-coded credentials and require explicit, documented configuration (env vars or user-provided connection info), (b) avoid absolute host paths and execing other skills' code, and (c) explain what data is sent to the remote DB and external web searches. If you need the functionality but worry about privacy/trust, run the scripts in an isolated environment where you control network access (or replace the DB connection with a local/test database) and audit or sandbox any child process calls before allowing autonomous invocation.
scripts/get-positions-correct.js:41
Shell command execution detected (child_process).
Patterns worth reviewing
These patterns may indicate risky behavior. Check the VirusTotal and OpenClaw results above for context-aware analysis before installing.

Like a lobster shell, security has layers — review code before you run it.

latestvk9708mh9ewmvwt6ccg6wj1ksvn83y7jm

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments