Back to skill

Security audit

Shanv Trader

Security checks across malware telemetry and agentic risk

Overview

This stock-trading skill is not clearly malicious, but it needs Review because it can affect trading workflows and includes weak safety controls plus an unsafe shell command path.

Install only if you are comfortable reviewing a trading automation skill before use. Treat it as capable of affecting brokerage workflows, do not run execute_trade.py against a live account without a separate human confirmation process, and fix the shell=True stock-price call plus local log handling before trusting it with real portfolio data.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Output HandlingUnvalidated Output Injection, Cross-Context Output, Unbounded Output
  • Tool MisuseTool Parameter Abuse, Chaining Abuse, Unsafe Defaults
  • Behavioral ASTexec() Call, eval() Call, Dynamic Import
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Findings (6)

subprocess module call

Medium
Category
Dangerous Code Execution
Content
# 调用 stock_price 或 unified_stock
    import subprocess
    code_str = ' '.join(codes)
    result = subprocess.run(
        f'cd ~/.openclaw/workspace && python3 bin/stock_price {code_str}',
        shell=True,
        capture_output=True,
Confidence
98% confidence
Finding
result = subprocess.run( f'cd ~/.openclaw/workspace && python3 bin/stock_price {code_str}', shell=True, capture_output=True, text=True )

Missing User Warnings

Low
Confidence
83% confidence
Finding
The skill explicitly records trade logs, memory archives, and portfolio data to local files, but the description does not present this as a clear user-facing data handling warning. In a trading context, these files can contain sensitive financial activity, positions, and historical decisions, which increases privacy and operational risk if the host environment is shared or insecure.

Missing User Warnings

High
Confidence
95% confidence
Finding
This code performs buy/sell operations immediately when invoked, without any second-factor confirmation, dry-run mode, authorization gate, or explicit safety interlock. In a trading skill, that context makes the issue more dangerous because accidental invocation, prompt misuse by an agent, or abuse of the CLI can directly trigger real financial transactions and losses.

Missing User Warnings

Medium
Confidence
88% confidence
Finding
The logger writes detailed transaction data to a predictable local file without any access controls, minimization, or user disclosure. In the trading context, those records can expose sensitive portfolio activity and trading behavior to other local users, malware, backup systems, or unintended tooling with filesystem access.

Unvalidated Output Injection

High
Category
Output Handling
Content
# 调用 stock_price 或 unified_stock
    import subprocess
    code_str = ' '.join(codes)
    result = subprocess.run(
        f'cd ~/.openclaw/workspace && python3 bin/stock_price {code_str}',
        shell=True,
        capture_output=True,
Confidence
99% confidence
Finding
subprocess.run( f'cd ~/.openclaw/workspace && python3 bin/stock_price {code_str}', shell=True, capture_output

Tool Parameter Abuse

High
Category
Tool Misuse
Content
# 调用 stock_price 或 unified_stock
    import subprocess
    code_str = ' '.join(codes)
    result = subprocess.run(
        f'cd ~/.openclaw/workspace && python3 bin/stock_price {code_str}',
        shell=True,
        capture_output=True,
Confidence
97% confidence
Finding
subprocess.run( f'cd ~/.openclaw/workspace && python3 bin/stock_price {code_str}', shell=True

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.