eastmoney skills

Security checks across static analysis, malware telemetry, and agentic risk

Overview

The skill appears to be a finance integration, but it depends on unreviewed remote skill downloads and includes authenticated watchlist/simulated-portfolio changes without clear confirmation limits.

Install only if you trust the Eastmoney download source. Before using the skill, review the downloaded child skill files, verify any available hashes or signatures, set MX_APIKEY only for the session if possible, and require manual confirmation before any watchlist deletion or simulated portfolio transaction.

Static analysis

Destructive delete command

Warn
Finding
Documentation contains a destructive delete command without an explicit confirmation gate.

VirusTotal

VirusTotal findings are pending for this skill version.


Risk analysis

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

The actual installed behavior may come from remote files that were not reviewed here, and those files could change what the agent does with the user's API key.

Why it was flagged

The reviewed package contains only SKILL.md, but setup tells users to fetch and unzip multiple remote skill archives into the skills directory, with no checksum/signature or downloaded contents available in the artifacts.

Skill content
Download the latest `mx-skills` skill definitions from the cloud ... MX_DATA_DOWNLOAD_URL="https://marketdfs.dfcfw.com/file/download/E220260320DRQ9S9.zip" ... curl -fSL ... unzip -o
Recommendation

Only install from a trusted official source, review the downloaded child skills/scripts before use, and prefer pinned versions with published hashes or signatures.

What this means

An agent using the skill could change watchlists or simulated portfolio records in the connected Eastmoney account if not carefully supervised.

Why it was flagged

These described capabilities can modify authenticated financial watchlists and simulated portfolio records, but the artifact does not specify explicit user confirmation or limits before add/delete/buy/sell-style actions.

Skill content
Watchlist management, supporting adding, deleting, and querying watchlist stocks ... Simulated portfolio management, allowing users to create simulated investment portfolios and record buy/sell trades
Recommendation

Require explicit user confirmation for every add, delete, portfolio creation, or simulated trade-record action, and document any undo or recovery process.

What this means

Running it could delete any local skill directories whose names start with mx-skills.

Why it was flagged

This is a destructive wildcard delete command. It is scoped to directories matching this skill's prefix under ~/.openclaw/skills, but it lacks an explicit confirmation gate.

Skill content
rm -rf ~/.openclaw/skills/mx-skills*
Recommendation

Check the expanded path before running and avoid automated execution of the cleanup command.

What this means

Anyone or any agent action with access to this key may be able to call Eastmoney APIs under the user's account permissions.

Why it was flagged

The skill requires an Eastmoney API key for authenticated calls. This is purpose-aligned, but it is sensitive account authority and is not reflected in the registry requirement summary.

Skill content
required_env_vars: - MX_APIKEY ... requests must carry `apikey` in the header for authentication
Recommendation

Use the least-privileged key available, keep it out of logs and shared files, prefer session-only storage, and revoke it if the downloaded skill contents are not trusted.