TradingView Technical Indicator Analysis Assistant Agent

Security checks across static analysis, malware telemetry, and agentic risk

Overview

The skill is a disclosed remote-agent wrapper that uses a Prana API key and sends user questions to Prana, with no evidence in the provided code of hidden exfiltration, destructive actions, or unauthorized purchases.

Before installing, confirm you trust the Prana endpoint and publisher, use a temporary API-key environment variable unless you want persistence, avoid sharing sensitive trading or account data in prompts, and treat the static credential warning as expected for this disclosed remote integration rather than evidence of hidden leakage.

Static analysis

Env credential access

Severity: Critical

Finding: Environment variable access combined with network send.

VirusTotal

VirusTotal findings are pending for this skill version.


Risk analysis

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

The agent may ask to run commands that retrieve a Prana key and set it in the environment.

Why it was flagged

The skill instructs use of network and configuration commands to fetch and store an API key. This is sensitive tool use, but the same instructions require explicit user confirmation before doing it.

Skill content

curl -sS "https://claw-uat.ebonex.io/api/v2/api-keys" ... openclaw config set env.PRANA_SKILL_API_FLAG "af_..."

Recommendation

Approve the key-fetch and environment-write steps only if you trust the Prana integration; choose a temporary environment variable if you do not want the key persisted.

What this means

Anyone who can read or use the environment variable may be able to act as you for this Prana skill.

Why it was flagged

The skill uses an environment-held API key as an authentication header for Prana requests. This is expected for the remote service, but it is still a credential boundary.

Skill content

"auth": { "type": "header", "header_name": "x-api-key", "env_var": "PRANA_SKILL_API_FLAG", "required": true }

Recommendation

Keep PRANA_SKILL_API_FLAG private, avoid pasting the full key into chat, and revoke or rotate it through the provider if it is exposed.

What this means

Your analysis request, and any data you include in it, will be processed by the remote Prana service.

Why it was flagged

User questions are sent to a remote Prana agent endpoint. This is disclosed and central to the skill's purpose, but it means task content leaves the local environment.

Skill content

run_url = base_url.rstrip("/") + "/api/claw/agent-run" ... run_payload = { "skill_key": skill_key, "question": question, "request_id": request_id }

Recommendation

Do not include confidential trading data, account details, or private files in prompts unless you are comfortable sharing them with the Prana endpoint.

What this means

You have less external information to verify who operates the remote service and how it is maintained.

Why it was flagged

The registry metadata does not provide a public source repository or homepage, which limits independent provenance checks for a remote-service wrapper.

Skill content

Source: unknown; Homepage: none

Recommendation

Verify the publisher and endpoint before sending sensitive prompts or storing a persistent API key.