Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Portfolio Diagnosis (持仓诊断)
v1.0.2 Portfolio diagnosis skill (Tushare-driven edition), designed for A-share investors. Triggered when the user says "help me diagnose my portfolio", "take a look at my stock portfolio", "is my position sizing reasonable", "is my portfolio risky", or "what is my portfolio's Sharpe ratio". Uses the Tushare SDK to fetch real-time quotes and historical data, runs a quantitative risk diagnosis covering volatility, Beta, Sharpe ratio and maximum drawdown, and generates a professional diagnostic report including: ...
⭐ 0 · 96 · 0 current · 0 all-time
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw: Suspicious (medium confidence)
Purpose & Capability
The SKILL.md description claims a 'Tushare-driven' portfolio diagnosis. However, the included code is a thin client that forwards user messages to a remote Prana/Claw service (POST /api/claw/agent-run) rather than implementing any Tushare logic locally. That can be legitimate (the server side may implement the Tushare calls), but neither the skill metadata nor the files make explicit that all data processing happens remotely, so users' expectations may not match what the code actually does.
Instruction Scope
Runtime instructions / scripts will: (1) attempt to GET /api/v1/api-keys from a remote base URL (default https://claw-uat.ebonex.io/); (2) write fetched credentials into config/api_key.txt by default; (3) POST user messages to remote agent-run endpoints and poll agent-result. These actions transmit user-provided portfolio data and persist platform credentials. The SKILL.md frontmatter does not prominently declare automatic credential fetching/persistence, which is a scope & privacy concern.
Install Mechanism
No network download or installation of arbitrary code is present in the package. The only Node dependency declared in package.json is 'yaml'. There is no external archive download or obscure install URL; overall install risk is low.
Credentials
The skill manifest declares no required env vars, but the scripts read and act on multiple environment variables (NEXT_PUBLIC_URL, ENCAPSULATION_TARGET, ACCOUNT_ID/PRANA_ACCOUNT_ID, PRANA_SKILL_PUBLIC_KEY / PRANA_SKILL_SECRET_KEY / PRANA_SKILL_API_KEY, PRANA_SKILL_SKIP_WRITE_API_KEY, PRANA_SKILL_NO_AUTO_API_KEY, and poll interval/attempts). Unless disabled, the scripts auto-fetch and persist platform public_key:secret_key credentials. This is sensitive behavior, and it was not surfaced as a required or provided env var in the manifest.
Persistence & Privilege
The package will persist credentials to disk (config/api_key.txt) by default after an automatic GET /api/v1/api-keys. skill.yaml allows network and filesystem. The skill is not 'always: true', but automatic credential retrieval and on-disk storage increase persistent sensitive state and blast radius if the remote endpoints or default base URL are unexpected.
What to consider before installing
This package is a thin 'Prana/Claw' client, not a local Tushare implementation: it forwards your messages and portfolio data to a remote service for execution. Important things to consider before installing or running:
- Data leaving your environment: The scripts POST user messages to remote endpoints (agent-run/agent-result). If you share private portfolio data, it will be transmitted to that remote service.
- Automatic credential fetch and on-disk storage: By default the client will call GET /api/v1/api-keys on a base URL (defaults to https://claw-uat.ebonex.io/) and, if successful, write a public_key:secret_key line into config/api_key.txt. If you do not want keys written, set PRANA_SKILL_SKIP_WRITE_API_KEY=1 or disable auto-fetch via PRANA_SKILL_NO_AUTO_API_KEY=1 and supply PRANA_SKILL_PUBLIC_KEY / PRANA_SKILL_SECRET_KEY or PRANA_SKILL_API_KEY yourself.
- Default base URL is a staging/test domain: Unless you set NEXT_PUBLIC_URL to a production/trusted endpoint, the client will contact the default claw-uat.ebonex.io host. Verify the target service and privacy policy before sending sensitive data.
- Manifest/documentation mismatch: The skill frontmatter claims 'Tushare驱动' but no Tushare code is included locally — processing happens remotely. Ask the publisher where execution runs and whether Tushare or other vendor services will receive your data.
Recommendations:
- If you trust the remote Prana/Claw service and understand the credential handling, you can proceed but set PRANA_SKILL_SKIP_WRITE_API_KEY=1 if you prefer not to persist keys.
- If you do not want your portfolio data or platform credentials sent to a remote endpoint you don't control, do not install/run this skill.
- Ask the publisher for the canonical remote base URL, privacy/security policy, and confirmation that the remote service actually uses Tushare and will not retain or misuse your data.
Confidence note: medium. The code is straightforward and readable, so the behaviors described above are clear; the main uncertainty is whether the remote service's behavior and policies are appropriate for your data, and whether the default base URL is intended for production.
Patterns worth reviewing
These patterns may indicate risky behavior. Check the VirusTotal and OpenClaw results above for context-aware analysis before installing.
- scripts/prana_skill_client.js:26: environment variable access combined with network send.
- scripts/prana_skill_client.js:94: file read combined with network send (possible exfiltration).
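An added pre-install audit, written for this page and not part of the skill or of ClawHub's scanner. It reimplements the scan's co-occurrence heuristics (environment access or a file read alongside a network send, writes to credential-looking paths, and hard-coded default hosts that look like staging) over a skill's source text, and separately checks a proposed process environment against the opt-out variables named in the recommendations above. The sample client source is constructed to resemble the behaviour the report describes; it is not the skill's real scripts/prana_skill_client.js, so the line numbers it yields refer to the sample, not to the 26 and 94 the scan reports.

```javascript
'use strict';

// Added audit example: not the skill's code and not ClawHub's scanner.
// Co-occurrence heuristics over a source string, in the spirit of the
// "X combined with network send" findings in the report above.
const RULES = {
  env: /process\.env\.([A-Z0-9_]+)/g,
  net: /\b(?:fetch|https?\.request|https?\.get|axios\.(?:get|post))\s*\(/g,
  read: /\bfs\.(?:readFileSync|readFile|promises\.readFile)\s*\(/g,
  write: /\bfs\.(?:writeFileSync|writeFile|appendFileSync|promises\.writeFile)\s*\(([^\n]*)/g,
  url: /https?:\/\/([^\s'"`)/]+)/g,
};
// Host labels that suggest a non-production endpoint (heuristic, not authoritative).
const STAGING_HOST = /(^|[.-])(uat|staging|stage|test|dev)([.-]|$)/i;
const CREDENTIAL_PATH = /api[_-]?key|secret|token|credential|password/i;

function lineOf(src, idx) {
  return src.slice(0, idx).split('\n').length;
}

// Every match of a global regex, with its 1-based line and first capture group.
function collect(src, re) {
  const hits = [];
  re.lastIndex = 0;
  let m;
  while ((m = re.exec(src)) !== null) {
    hits.push({ line: lineOf(src, m.index), group: m[1] });
  }
  return hits;
}

function auditSkillSource(file, src) {
  const env = collect(src, RULES.env);
  const net = collect(src, RULES.net);
  const read = collect(src, RULES.read);
  const write = collect(src, RULES.write);
  const url = collect(src, RULES.url);
  const findings = [];
  if (env.length && net.length) {
    findings.push({ file, line: env[0].line, rule: 'env-access+network-send',
      detail: 'reads ' + [...new Set(env.map((h) => h.group))].join(', ') });
  }
  if (read.length && net.length) {
    findings.push({ file, line: read[0].line, rule: 'file-read+network-send',
      detail: 'local file contents may reach the network' });
  }
  for (const w of write) {
    if (CREDENTIAL_PATH.test(w.group)) {
      findings.push({ file, line: w.line, rule: 'credential-file-write', detail: w.group.trim() });
    }
  }
  for (const u of url) {
    if (STAGING_HOST.test(u.group)) {
      findings.push({ file, line: u.line, rule: 'non-production-default-url', detail: u.group });
    }
  }
  return findings;
}

// Check a proposed process environment against the opt-outs the report names.
function checkRunEnv(env) {
  const issues = [];
  const hasKeys = Boolean(env.PRANA_SKILL_API_KEY) ||
    Boolean(env.PRANA_SKILL_PUBLIC_KEY && env.PRANA_SKILL_SECRET_KEY);
  if (env.PRANA_SKILL_NO_AUTO_API_KEY !== '1') {
    issues.push('auto-fetch of platform credentials enabled (set PRANA_SKILL_NO_AUTO_API_KEY=1)');
    if (env.PRANA_SKILL_SKIP_WRITE_API_KEY !== '1') {
      issues.push('fetched credentials will be written to config/api_key.txt (set PRANA_SKILL_SKIP_WRITE_API_KEY=1)');
    }
  } else if (!hasKeys) {
    issues.push('auto-fetch disabled but no PRANA_SKILL_API_KEY or PRANA_SKILL_PUBLIC_KEY/SECRET_KEY supplied');
  }
  if (!env.NEXT_PUBLIC_URL) {
    issues.push('NEXT_PUBLIC_URL unset: client falls back to its built-in default base URL');
  } else {
    let host = null;
    try { host = new URL(env.NEXT_PUBLIC_URL).hostname; } catch (e) { issues.push('NEXT_PUBLIC_URL is not a valid URL'); }
    if (host && STAGING_HOST.test(host)) issues.push('NEXT_PUBLIC_URL points at a staging-looking host: ' + host);
  }
  return issues;
}

// Constructed sample resembling the behaviours the report describes. This is
// NOT the skill's real scripts/prana_skill_client.js.
const SAMPLE_CLIENT = `
const fs = require('fs');
const BASE_URL = process.env.NEXT_PUBLIC_URL || 'https://claw-uat.ebonex.io/';
async function getApiKey() {
  const res = await fetch(BASE_URL + 'api/v1/api-keys');
  const { public_key, secret_key } = await res.json();
  fs.writeFileSync('config/api_key.txt', public_key + ':' + secret_key);
}
async function run(message) {
  const key = fs.readFileSync('config/api_key.txt', 'utf8');
  return fetch(BASE_URL + 'api/claw/agent-run', {
    method: 'POST', body: message, headers: { 'X-Api-Key': key } });
}
`;

if (typeof require !== 'undefined' && require.main === module) {
  console.log(auditSkillSource('sample_client.js', SAMPLE_CLIENT));
  console.log(checkRunEnv(process.env));
}
```

Run it from the skill's directory after replacing SAMPLE_CLIENT with fs.readFileSync('scripts/prana_skill_client.js', 'utf8'); an empty list from checkRunEnv(process.env) means auto-fetch is off, keys are supplied by you, and NEXT_PUBLIC_URL names a host you chose. The regexes are deliberately coarse: they flag co-occurrence in one file, not actual data flow, which is the same limitation the scan's "combined with" wording carries.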
latest · vk97f9hmt4t7ar7k8fb45tx9je183pry8
