Security audit

Stock Analysis China

Security checks across malware telemetry and agentic risk

Overview

This stock-analysis skill is coherent in purpose, but it gives broad automatic authority to inspect images, change saved portfolio data, and guide system-level setup without clear approval gates.

Install only if you are comfortable with the skill processing portfolio screenshots and storing holdings locally. Require explicit confirmation before it reads unrelated images, updates or clears portfolio data, installs packages, changes environment variables, creates filesystem links, or restarts OpenClaw, and verify extracted holdings before relying on the analysis.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (6)

Context-Inappropriate Capability

Medium
Confidence: 96%
Finding
The skill documentation directs the agent to perform package installation, environment-variable changes, filesystem junction creation, and service restarts, which are system-administration actions well beyond stock analysis. If followed by an agent, these steps could modify the host environment, expand the attack surface, and normalize dangerous privileged operations triggered by ordinary user investment requests.

Vague Triggers

High
Confidence: 97%
Finding
The activation conditions are so broad that the skill may trigger on any image or on general discussion of stocks and advice, causing the agent to read files, inspect screenshots, or produce investment recommendations without clear user intent. Overbroad triggering is especially risky here because the skill is authorized to process sensitive financial data and initiate multi-step analysis behavior automatically.

Vague Triggers

High
Confidence: 98%
Finding
The trigger condition '用户发送了图片' ("the user sent an image") is excessively broad and would cause activation for any image, regardless of whether it contains holdings data. That can lead to unnecessary inspection of unrelated private images and accidental invocation of file access and analysis workflows on non-relevant content.

Vague Triggers

Medium
Confidence: 91%
Finding
Several trigger phrases are common conversational requests about stocks or advice and are not narrowly scoped to this specific skill. This increases the chance of unintended activation, which is problematic because the skill can access stored portfolio data and generate consequential financial guidance automatically.

Missing User Warnings

Medium
Confidence: 94%
Finding
AI-recognized holdings are written as a full overwrite of the portfolio file with no confirmation, preview, backup, or merge safety. In this skill context, OCR/multimodal extraction is explicitly used on screenshots, so recognition mistakes or prompt-induced bad extraction can silently replace a user's financial records and lead to incorrect downstream investment analysis and recommendations.

Missing User Warnings

High
Confidence: 97%
Finding
The clear_portfolio function permanently deletes all locally stored holdings immediately, without any confirmation, dry-run, backup, or undo path. In a finance-oriented skill that automatically activates around portfolio intents, this is especially dangerous because accidental invocation or misuse can wipe sensitive user state and disrupt subsequent analysis or advice.

VirusTotal

66/66 vendors flagged this skill as clean.

Static analysis

No suspicious patterns detected.