
Security audit

🐂 BigA · A-share smart stock selection (stock analysis · investment analysis · AI stocks)

Security checks across malware telemetry and agentic risk

Overview

BigA is a disclosed stock-analysis and alerting skill, but it automatically sends messages and installs scheduled jobs with broad trigger phrases and limited confirmation controls.

Install only if you want BigA to run stock scans, search market news, send alerts to a configured chat target, and create recurring scheduled jobs. Review the destination channel/target, cron schedule, and disable/update process first; avoid installing it in shared or public channels unless automatic stock-alert posting is acceptable.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Behavioral AST: exec() Call, eval() Call, Dynamic Import
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
Findings (7)

subprocess module call

Severity: Medium
Category: Dangerous Code Execution
Content:
for i, seg in enumerate(segs):
    if not seg: continue
    for attempt in range(3):
        p = subprocess.Popen(
            [openclaw_bin, "message", "send",
             "--channel", channel,
             "--target", target,
Confidence: 91%
Finding:
p = subprocess.Popen( [openclaw_bin, "message", "send", "--channel", channel, "--target", target, "--message", seg, "--jso

Description-Behavior Mismatch

Severity: Medium
Confidence: 95%
Finding:
The skill includes outbound Feishu/openclaw messaging behavior that exceeds the core expectation of stock scanning and signal generation. This creates an unexpected side-effect capability: a user invoking analysis-related functionality may also cause external communications to be sent, which increases the risk of abuse and data leakage.

Context-Inappropriate Capability

Severity: High
Confidence: 98%
Finding:
The code accepts caller-supplied JSON content and configurable channel/target values, then sends that arbitrary content to external recipients. In a stock-analysis skill, this is an unnecessary general-purpose exfiltration and message relay capability that could be abused to send spam, leak sensitive workspace data, or operate as an unreviewed outbound communications primitive.

Vague Triggers

Severity: High
Confidence: 95%
Finding:
The trigger list includes broad everyday finance phrases such as '今天买什么' ("what to buy today"), '今天卖什么' ("what to sell today"), '股票行情' ("stock quotes"), and similar generic terms. Because the skill also auto-executes shell/network actions and may send outbound messages, ordinary conversation can unintentionally activate high-impact behavior without clear consent.

Vague Triggers

Severity: High
Confidence: 99%
Finding:
The rule '触发即执行' ("execute on trigger") explicitly instructs the skill to run on any trigger and not wait for user confirmation. In combination with network access, shell execution, web searches, and mandatory outbound message sending, this creates a strong risk of accidental execution, spam, and unintended task or system changes from casual mentions of trigger words.

Missing User Warnings

Severity: Medium
Confidence: 94%
Finding:
The skill directs automatic segmented outbound messaging via `openclaw message send` and even includes a resend-on-failure check, but does not present this as an explicit consented side effect at activation time. Users may trigger the skill for analysis and unknowingly cause unsolicited messages to be sent to a channel or target, increasing spam and privacy risk.

Missing User Warnings

Severity: Medium
Confidence: 94%
Finding:
The code sends externally visible messages without any in-code user warning, approval prompt, or consent check at send time. Because the destination can come from configuration and the content can come from input, silent transmission makes accidental or unauthorized disclosure substantially more likely.

VirusTotal

63/63 vendors flagged this skill as clean.

Static analysis

No suspicious patterns detected.