critical
suspicious.exposed_secret_literal
- Location
- SKILL.md:159
- Finding
- File appears to expose a hardcoded API secret or token.
看盘之眼
AdvisoryAudited by Static analysis on May 10, 2026.
Overview
Detected: suspicious.exposed_secret_literal
Findings (1)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
ConcernHigh Confidence
ASI03: Identity and Privilege AbuseWhat this means
Running or sharing this skill could expose or abuse the embedded OCR account credentials, consume someone else's quota, or fail unexpectedly if those credentials are revoked.
Why it was flagged
The file hardcodes Baidu OCR credentials into the runtime environment; SKILL.md also advertises a configured API key while the registry declares no credential requirement.
Skill content
os.environ['BAIDU_API_KEY'] = 'dNJ...8aPG'; os.environ['BAIDU_SECRET_KEY'] = 'X989...D3cA'
Recommendation
Remove embedded secrets, rotate any exposed keys, and require users to provide their own OCR credentials through documented environment variables or a secure config mechanism.
ConcernMedium Confidence
ASI05: Unexpected Code ExecutionWhat this means
If the agent or user passes an unsafe title/output value, the script may run unintended PowerShell commands on the local machine.
Why it was flagged
A command string passed to PowerShell is built with an interpolated window-title value, and the script exposes a --window-title argument, so crafted input could alter the PowerShell script.
Skill content
$pattern = "{title_pattern}" ... subprocess.run(['powershell', '-Command', ps_script], ...)Recommendation
Avoid interpolating raw arguments into PowerShell; pass parameters safely, escape values rigorously, validate window titles/paths, and require user confirmation for non-default arguments.
NoteHigh Confidence
ASI07: Insecure Inter-Agent CommunicationWhat this means
Screenshots from the trading terminal may leave the local machine when online OCR engines are used.
Why it was flagged
The script uploads captured screenshot image bytes to an external OCR provider, which is purpose-aligned but may include financial-terminal screen content.
Skill content
files = {'file': ('image.jpg', img_data, 'image/jpeg')} ... requests.post('https://api.ocr.space/parse/image', files=files, data=data, timeout=30)Recommendation
Use local OCR for sensitive screens, verify the captured region before upload, and clearly document which OCR engines send data to which providers.
NoteHigh Confidence
ASI02: Tool Misuse and ExploitationWhat this means
The skill can interact with the trading software UI, so an unexpected focused window or wrong match could cause unintended UI input.
Why it was flagged
The script automates the foreground financial-terminal window by sending keyboard input to select a stock and switch views.
Skill content
user32.SetForegroundWindow(hwnd) ... send_key(VK_ESCAPE) ... send_char(c) ... send_key(VK_RETURN) ... send_key(VK_9) ... send_key(VK_6)
Recommendation
Run it only while the intended terminal window is visible, keep the default narrow workflow, and confirm the matched window before automation.
NoteMedium Confidence
ASI04: Agentic Supply Chain VulnerabilitiesWhat this means
The documented workflow may fail or encourage users to locate/run missing helper code outside the reviewed artifact set.
Why it was flagged
The main documented v2 script imports an ocr_engines helper, but that file is not listed in the supplied manifest; SKILL.md also references scripts/configure_baidu_ocr.ps1, which is not listed.
Skill content
from ocr_engines import recognize_with_engine, compare_engines, get_available_engines
Recommendation
Package all referenced helper files, remove stale references, and avoid instructions that require running unreviewed scripts.