Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Stock-Decision

v1.0.1

Comprehensive stock decision analysis combining technical indicators (MA, MACD, KDJ, RSI, DMI), macro environment assessment (industry cycle, governance, mac...

License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal: Suspicious
OpenClaw: Suspicious (medium confidence)
Purpose & Capability
The name/description (technical indicators + macro + backtest) aligns with the included Python scripts and the SKILL.md workflow. The scripts call a local 'westock-data' skill for market data and perform web searches for macro analysis; these are expected for the stated purpose. Notable: the code assumes that a specific local path (~/.workbuddy/skills/westock-data/) and its Node scripts exist, a design choice that creates a strong coupling to the environment.
Instruction Scope
Scripts execute shell commands via subprocess.run(..., shell=True) with user-controllable inputs (e.g., analyze.py inserts the raw user stock_input into a shell command; backtest and analyze build commands from stock codes). This enables command-injection if an attacker (or malicious input) supplies crafted stock names/codes. The macro_analyzer performs direct HTTP requests to Bing and scrapes HTML; it sends search queries over the network and parses page content. Those network operations are coherent with macro analysis but expand the attack surface (external requests, potential leakage of queried company names).
Install Mechanism
No install spec; code is instruction + scripts only. This minimizes supply-chain install-time risk. Runtime behavior also writes/reads nothing outside expected paths, and no external archives or downloads are performed by an installer.
Credentials
The skill declares no required environment variables or secrets, which fits the purpose. However, it relies on network access (requests to bing.com) and on a local dependency at ~/.workbuddy/skills/westock-data/ — that local path is assumed rather than validated. If an attacker can replace the referenced Node scripts, they could influence results or exfiltrate data. There are no declared credentials, but the skill issues outbound network requests and calls other local tools.
Persistence & Privilege
The skill does not request always:true, does not modify other skills or global agent settings, and appears runnable only when invoked. It does not persist credentials or change agent configuration on its own.
What to consider before installing
This skill generally does what it says (technical indicators, macro web-search, backtests), but there are implementation-level risks you should consider before installing or running it:

- Command-injection risk: Several scripts construct shell commands with user-supplied strings and call subprocess.run(..., shell=True). If you or others can pass arbitrary stock names/codes to the skill, those inputs could include shell metacharacters and execute unexpected commands. Prefer running in a sandbox or patch scripts to use subprocess.run([...], shell=False) with argument lists or to sanitize inputs.
- Local dependency risk: The scripts call a local skill at ~/.workbuddy/skills/westock-data/scripts/index.js. Ensure that the referenced westock-data code is genuine and not replaced by an attacker — otherwise the skill could run arbitrary Node code when invoked.
- Network and privacy: macro_analyzer scrapes Bing search results directly (requests to bing.com) and sends company/industry queries. That is expected for macro analysis, but be aware that queried company names and search keywords will be sent to external services. If you have confidentiality concerns, disable network or review/meter outbound traffic.
- Fragile scraping & high thresholds: macro_analyzer uses regex HTML scraping which is brittle; also some thresholds (e.g., requiring >=5 severe keywords) may produce false negatives/positives. This is an operational/data-quality concern, not necessarily malicious.

Recommendations before use:

1. Review and/or modify scripts to remove shell=True and pass command arguments as lists to subprocess.run (or validate/escape inputs).
2. Verify the integrity and provenance of the westock-data skill at the hardcoded path.
3. Run the code in an isolated environment (container/VM) with limited permissions and controlled network access; monitor outbound connections.
4. If you plan to accept inputs from untrusted users, add input validation and stricter sanitization.
5. If you need to trust external web results less, consider configuring or restricting the search endpoints and logging the queries for audit.

Because the issues are implementation vulnerabilities rather than clear malicious intent, I classify this as 'suspicious' (medium confidence). Reviewing the scripts and running them in a sandboxed environment will reduce risk; if you want, I can point out the exact lines to change to remove shell usage and hardcoded-path assumptions.

Like a lobster shell, security has layers — review code before you run it.
