Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Stock Watcher Pro
v1.0.3 · Monitor your portfolio, track SEC filings in real-time, receive daily stock briefings, and analyze news versus your investment thesis professionally and with...
by @nollio
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious
medium confidence
Purpose & Capability
Name/description match what the files actually do: local portfolio JSON, EDGAR checks, source discovery, briefings, and optional dashboard sync. It asks the agent for web_search/web_fetch/read/write/exec access — those are powerful but consistent with building a source network and running local scripts. No unrelated cloud credentials or unexpected binaries are requested.
Instruction Scope
SKILL.md confines operations to local data files (data/*.json, data/filings) and public web sources (EDGAR, IR pages, news, social). It explicitly treats fetched content as data (prompt-injection defense) and forbids trade execution and exfiltration. That is positive. However, the instructions tell the agent to run shell scripts and to copy files from a SKILL_DIR, and those steps require care. The scheduler/sync/dashboard components reference pushing data to Supabase (optional); if a user configures that, it would require external credentials and could transmit local data. The scope is mostly coherent but gives the agent broad exec/network capabilities that could be misused if the environment or follow-up prompts are not controlled.
Install Mechanism
No install spec — instruction-only with shipped scripts. No external archives or downloads. This is lower-risk than an installer that fetches remote code. The included scripts use curl/python3 and interact with public SEC endpoints.
Credentials
The skill declares no required environment variables or credentials (proportionate for EDGAR/news-only monitoring). It does require agent capabilities (exec, web_fetch, web_search, read/write) which are powerful but relevant to its function. The dashboard/DB pieces mention Supabase and market-data providers but do not request credentials in the package — they are optional integrations and would require explicit configuration by the user.
Persistence & Privilege
No 'always: true' privilege is requested. The skill is user-invocable and allows autonomous invocation (default), which is typical for skills. It writes local JSON under data/ and creates a data/filings directory — expected for this functionality and not an escalation of privileges.
Scan Findings in Context
[prompt-injection:ignore-previous-instructions] expected: The SKILL.md contains explicit prompt-injection defense language (e.g., telling the agent to ignore commands embedded in fetched financial documents). The scanner flagged the 'ignore-previous-instructions' pattern, but in this case the pattern appears intentionally used as a defensive rule in the instructions.
What to consider before installing
This package is broadly coherent with its purpose (local portfolio monitoring and SEC/news ingest), but exercise caution before running it.
Key things to do before installing or executing scripts:
- Inspect and (if needed) fix the shipped scripts. The edgar-check.sh file contains malformed/duplicated path-resolution lines that may cause runtime errors or unexpected workspace traversal; do not run scripts until you inspect and test them in a safe environment.
- Run scripts manually in a sandbox first (or with a restricted test portfolio) rather than granting the agent broad, autonomous exec permissions immediately.
- Watch for optional dashboard/sync features (Supabase/Next.js). Those components could transmit data to an external DB if you supply credentials — only configure them if you understand and trust the target endpoint.
- Keep portfolio data local and protected (the package already recommends chmod 600/700). If you provide an email in config/watchlist-config.json for EDGAR User-Agent, use a contact you control.
- Do not supply brokerage API keys or other unrelated credentials to the skill. The package claims it does not execute trades — preserve that by never giving trade-execution credentials.
If you want higher assurance, request a corrected version of the scripts (fixing workspace detection logic and removing obvious typos) or run the code review in a dev sandbox before using it with real portfolio data.
Finding: SKILL.md:20
Prompt-injection style instruction pattern detected.
About static analysis
These patterns were detected by automated regex scanning. They may be normal for skills that integrate with external APIs. Check the VirusTotal and OpenClaw results above for context-aware analysis.
latest: vk978kscmj4y0c1eq60fhxw5ry583ybmm
