MoneyRadar
PassAudited by VirusTotal on May 11, 2026.
Overview
Type: OpenClaw Skill Name: money-radar Version: 2.0.0 The 'money-radar' skill (SKILL.md) functions as a financial referral aggregator that fetches data from 'https://laosji.net/data/referrals.json'. It utilizes high-risk capabilities by instructing the AI agent to use 'curl' and pipe results into 'python3' for processing. A notable vulnerability exists in the instructions where the agent is told to modify Python code snippets with user-supplied strings (e.g., category names), which could lead to code injection if the agent does not properly sanitize the input. While the skill's actions appear consistent with its stated goal of providing sign-up bonuses and referral links, the execution of shell commands and dynamic code construction is inherently risky.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
When used, the agent may contact laosji.net and process that site’s referral data locally to produce recommendations.
The skill directs the agent to use local command-line tools to fetch and filter a remote JSON feed. This is disclosed and central to the skill’s purpose, and the shown command does not include user-controlled shell interpolation or credential handling.
curl -s "https://laosji.net/data/referrals.json" | python3 -c "\nimport json, sys\ndata = json.load(sys.stdin)
Install only if you are comfortable with the agent relying on this external data source; verify important offers on the provider’s official website before acting.
Users may be routed through tracked referral links when opening financial accounts or signing up for services.
The skill explicitly says referral links contain tracking and instructs the agent to always use those links. This is disclosed and aligned with a referral-offer skill, but it may create a promotional incentive users should notice.
`referralLink` 包含推荐人追踪,始终使用提供的链接
Treat recommendations as referral/promotional suggestions, compare alternatives independently, and use a direct official link if you do not want referral tracking.