Cofco Futures Skill
Warn
Audited by ClawScan on May 12, 2026.
Overview
This skill is coherent as a futures-service assistant, but it can collect trading credentials and place or cancel futures orders through insufficiently bounded remote commands, including a cleartext WebSocket endpoint.
Install or use this only if you can independently verify it is the official COFCO Futures skill and the endpoints are legitimate. Do not provide real trading credentials or authorize live orders unless every transaction is shown back to you for explicit confirmation, and prefer official apps or verified secure channels for live futures trading.
Findings (5)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
A user may be asked to give an agent credentials for a real trading account, giving the agent delegated access to sensitive financial data and trading authority.
The subskill instructs the agent to handle trading account information and username/password login. The registry requirements declare no primary credential, and the artifacts do not clearly define credential storage, retention, or cleanup.
Has an account | Record the account information the user provides and go straight into the "1. Connect and log in" flow ... encrypt "username&password" with the obtained public key and send it
Require a clearly declared, official credential flow; avoid direct password collection where possible; document storage/retention; require logout; and limit account access to the minimum necessary.
An agent could submit or cancel futures trades based on interpreted user language, which could cause financial loss if a command is misunderstood or executed without review.
The skill exposes mutable financial trading actions as raw command strings. The artifacts do not require a final user confirmation or enforce limits before order placement or cancellation.
`ws.send('order.send --instrument=rb2501 --exchange=SHFE --direction=buy --offset=open --price=4000 --volume=1');` ... `ws.send('order.cancel --order_sys_id=12345');`
Use scoped trading tools with explicit approval gates. Before every order or cancellation, show instrument, exchange, side, offset, price, volume, and risk notice, and proceed only after the user confirms.
Trading commands and account-related data may be exposed to interception or manipulation on the network.
The trading server is documented as a cleartext WebSocket endpoint. The login public key, account queries, order commands, and trade/order updates are tied to this channel; RSA login encryption alone does not authenticate the server or protect all session traffic.
WebSocket: `ws://mcptest.zlqh.com:8765`
Use authenticated TLS transport such as wss://, document the production endpoint and trust boundary, and avoid sending financial account or order traffic over cleartext channels.
Users may over-trust the assistant and provide sensitive financial credentials or approve trades without independently verifying that the publisher is official.
The skill presents itself as an official financial assistant, but the supplied metadata does not provide a verifiable source or homepage. This is material because the same skill asks for trading credentials and can issue trades.
Description: COFCO Futures official assistant... Source: unknown; Homepage: none
Provide verifiable publisher provenance, an official homepage, and clear confirmation that the endpoints and skill are operated by the claimed financial institution.
Users will be sharing contact information for follow-up by a customer manager.
The account-opening flow collects name and phone number and submits them to a remote tool, but it does require disclosure and user confirmation, making it purpose-aligned rather than inherently suspicious.
Ask the user for their name ... ask the user for a contact phone number ... show it to the user for confirmation ... call the `collect_customer_info` tool to submit the data
Only provide contact information if you want follow-up, and confirm the displayed name and phone number before submission.
