Fubon Cli
Security checks across static analysis, malware telemetry, and agentic risk
Overview
This skill is clearly intended for Fubon trading, but it gives an agent live order placement and account access without strong built-in confirmation or scoping controls.
Install only if you intentionally want agent-assisted Fubon trading. Verify the fubon-cli and fubon_neo package sources, start with read-only queries, keep credentials out of chat/logs, and require explicit confirmation before every order, cancellation, modification, or retry.
Static analysis
No static analysis findings were reported for this release.
VirusTotal
VirusTotal findings are pending for this skill version.
Risk analysis
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
An agent could place, modify, or cancel real financial orders if the user is logged in and a command is triggered by mistake or with the wrong parameters.
The skill explicitly exposes live trading mutation commands to automation, including buy, sell, cancel, and modify operations, but does not require a separate human confirmation step for each order.
Quoted from the skill artifacts:
"These map 1:1 to the `fubon-cli` commands and are safe to invoke from automation when preconditions are met."
...
fubon stock buy <SYMBOL> <QTY> --price <PRICE>
...
fubon stock cancel <ORDER_NO>
Require explicit user confirmation for every order, cancel, modify, or conditional-order action; add limits for account, symbol, quantity, and price; and prefer read-only/dry-run workflows by default.
Compromise or misuse of these credentials could expose the user's brokerage account and allow unauthorized trading or account queries.
The skill requires brokerage identity material, certificates, passwords, and/or API keys that grant high-impact account authority, but the artifacts do not clearly bound which accounts or permissions should be used.
Quoted from the skill artifacts:
"Ensure certificate files and account credentials are available."
...
fubon login --id <ID> --password <PW> --cert-path <PATH> [--cert-password <PW>]
Use the least-privileged credential available, avoid placing secrets in chat or logs, document credential storage clearly, and declare required credentials/configuration in the skill metadata.
A network hiccup could lead to repeated financial actions, such as duplicate orders, if the first request succeeded but the response was lost.
The retry rule is not limited to read-only commands. In an order-placement workflow, retrying after a transient failure without an idempotency check or pre-retry order-status check can create duplicate orders.
Quoted from the skill artifacts:
"For retriable failures (network/transient), retry conservatively once."
Do not automatically retry order placement or order modification. First query order state, use provider idempotency features if available, and ask the user before retrying any financial mutation.
A wrong or tampered package could run with access to trading credentials and account data.
Installing the trading CLI is expected for this skill, but the install spec uses a local wheel file and an unpinned `pip install fubon-cli`, so users should verify the source of both packages before using them with brokerage credentials.
Quoted from the skill install spec:
pip install ./wheels/fubon_neo-2.2.8-cp37-abi3-win_amd64.whl
pip install fubon-cli
Install only from a trusted source, pin exact versions and hashes where possible, and document the expected package provenance in the skill metadata or install spec.
If users include portfolio, account, or credential details in AI prompts, that information may be sent outside the local environment.
The optional ask/chat workflow appears to use an external AI provider key, but the artifact does not describe what trading prompts or account context may be sent to that provider.
Quoted from the skill artifacts:
fubon ask "台積電現在的價格是多少?"
fubon chat
fubon config set openai-key <OPENAI_KEY>
Clarify external-provider data flows, avoid sending secrets or account details in prompts, and separate market-data questions from private account operations.
