Back to skill

Security audit

eastmoney skills

Security checks across malware telemetry and agentic risk

Overview

The skill appears purpose-aligned, but its install and credential instructions are risky enough that users should review them before installing.

Install only after reviewing the remote archive source. Back up any existing ~/.openclaw/skills/mx-skills* folders before running deletion commands, avoid wildcard removal if possible, verify downloaded files independently, and treat MX_APIKEY as a secret that should not be logged, shared, or committed.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (3)

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The installation guide includes a destructive `rm -rf ~/.openclaw/skills/mx-skills*` command without any warning, backup advice, or confirmation step. Even though the target is somewhat scoped, wildcard deletion in a user home directory can still remove local skill data unexpectedly and is unsafe to present as a routine install step.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The guide downloads archives from remote URLs and unzips them with overwrite enabled (`unzip -o`) into persistent local directories, but gives no warning that remote content will replace local files. This creates supply-chain and integrity risk because users are encouraged to trust and install network-fetched code/content without checksum, signature, or review steps.

Missing User Warnings

Medium
Confidence
90% confidence
Finding
The instructions ask the user to input and export an API key but do not warn that the credential is sensitive or advise against logging, sharing, or persisting it insecurely. In a skill ecosystem, such credentials may grant access to paid APIs or account-linked operations, so poor handling increases the chance of credential leakage.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

Detected: suspicious.destructive_delete_command

Documentation contains a destructive delete command without an explicit confirmation gate.

Warn
Code
suspicious.destructive_delete_command
Location
skill.md:56