Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Tiger Trade
v1.0.5Execute US and HK stock trades via Tiger Brokers API. Use when user wants to buy or sell stocks, manage investment portfolio, place orders for US ETFs or HK...
⭐ 0· 506·0 current·0 all-time
by@esanle
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious
medium confidencePurpose & Capability
The skill claims to execute trades via the Tiger Brokers API, and the SKILL.md shows code that uses the tigeropen client to place orders — this matches the stated purpose. However the package/dependency (tigeropen/Python runtime) and the required config file are not declared in the skill metadata/requirements, which is unexpected for a runtime that relies on that library and an on-disk private key.
Instruction Scope
Runtime instructions tell the agent to create and read a config file at ~/.tiger-config.json containing tiger_id/account/private_key_pk8 and to use it to sign API requests. That is within the trading purpose, but the SKILL.md has inconsistent filenames (top header says tiger-config.json, Setup says ~/.tiger-config.json) and uses open('~/.tiger-config.json') which does not expand ~ in Python — indicating sloppy/buggy instructions. The instructions require reading a sensitive private key from the user's home directory but do not instruct how to secure it or offer alternatives (env var, secure vault). There are no instructions to install or verify the tigeropen library, so an agent following the SKILL.md might fail or try to fetch/install packages on the fly.
Install Mechanism
This is an instruction-only skill (no install spec). That alone is low-risk, but the runtime code depends on the tigeropen Python package and a Python runtime; those requirements are not declared. Missing dependency declarations increase the chance an agent will attempt to install packages at runtime or run incorrect ad-hoc commands, which is a safety and coherence concern.
Credentials
No required env vars or config paths are declared in the registry metadata, yet the SKILL.md requires a user config file containing a private key and account id. Requesting a private key is reasonable for trading, but the skill does not justify why it uses an on-disk plain JSON private key, does not advise secure storage, and does not declare the config path in metadata. The lack of declared primary credential or config path is a mismatch.
Persistence & Privilege
The skill is not force-included (always: false) and is user-invocable; it does not request persistent privileges or system-wide configuration changes. No other persistence/privilege flags are set.
What to consider before installing
This skill appears to implement Tiger Brokers trading calls, but it has multiple inconsistencies and missing declarations. Before installing or using it: 1) Verify the skill's source and author (no homepage/source provided). 2) Do not place your broker private key into an unencrypted ~/.tiger-config.json unless you accept the risk — prefer a secure vault or environment-scoped secret. 3) Confirm and install dependencies (Python and tigeropen) in a controlled environment; the skill metadata does not declare them. 4) Inspect and test the code in a sandbox (look for any network calls beyond Tiger's endpoints) and correct the SKILL.md bugs (filename mismatch and Python ~ expansion). 5) If you plan to allow autonomous agent invocation, only do so after ensuring the skill cannot read other files or exfiltrate secrets. These issues are likely sloppy engineering rather than malicious intent, but they raise enough doubt to warrant careful review and remediation before use.Like a lobster shell, security has layers — review code before you run it.
latestvk97f4hgdfhtcbw6a07pfwj4n4982byzp
License
MIT-0
Free to use, modify, and redistribute. No attribution required.