Back to skill

Security audit

Earnings Monitor

Security checks across malware telemetry and agentic risk

Overview

This earnings-report skill mostly matches its stated purpose, but it ships hardcoded API keys and a fixed Telegram recipient, so users should review and fix it before installing.

Do not install this as-is unless you first remove the bundled API keys, replace all destination IDs with your own configuration, verify the Telegram target, and inspect the referenced Obsidian Scout script. Use environment variables or a secret manager for credentials, rotate any exposed keys, and run it in a limited environment until you confirm the Notion, Obsidian, Telegram, and package-install behavior is exactly what you want.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Behavioral ASTexec() Call, eval() Call, Dynamic Import
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Findings (7)

subprocess module call

Medium
Category
Dangerous Code Execution
Content
}

def run_command(cmd):
    result = subprocess.run(cmd, shell=True, capture_output=True, text=True, timeout=120)
    return result.stdout, result.stderr

def invoke_scout(command, params=None):
Confidence
95% confidence
Finding
result = subprocess.run(cmd, shell=True, capture_output=True, text=True, timeout=120)

subprocess module call

Medium
Category
Dangerous Code Execution
Content
import shlex
    safe_content = shlex.quote(report)
    cmd = f'/usr/bin/python3 /root/.openclaw/skills/obsidian-scout/scripts/librarian.py STOCK "{title}" {safe_content}'
    subprocess.run(cmd, shell=True)
    
    return {"status": "ok"}
Confidence
88% confidence
Finding
subprocess.run(cmd, shell=True)

Context-Inappropriate Capability

Medium
Confidence
94% confidence
Finding
The file hardcodes live Notion and Gemini API credentials alongside a local vault path, giving the skill capabilities beyond simple static configuration for earnings monitoring. Even if these services are functionally related to reporting, embedding cross-service secrets in source code creates unnecessary privilege exposure and expands the blast radius if the file is leaked, copied, or executed by an agent.

Vague Triggers

Medium
Confidence
92% confidence
Finding
The trigger text is broad enough that the skill could activate for a wide range of finance-related requests without clearly requiring explicit user consent for fetching data, writing files, updating Notion, or sending Telegram alerts. In this context, over-broad activation increases the chance of unintended external actions and data persistence, especially because the skill performs multiple side-effecting operations.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The skill description lists writes to local storage, Notion, and Telegram but does not warn the user that content will be persisted and transmitted to external services. This is dangerous because users may assume the skill only generates analysis, while it actually creates durable records and sends notifications, which can expose sensitive investment activity or notes.

Missing User Warnings

Medium
Confidence
96% confidence
Finding
The skill requires a Notion API key in configuration but provides no guidance on secure credential handling, scope minimization, or storage protections. This creates risk of accidental credential exposure, overprivileged integration access, or unsafe sharing of the config file containing secrets.

Missing User Warnings

High
Confidence
99% confidence
Finding
The Notion and Gemini API keys are directly embedded in the source file, which makes credential theft trivial for anyone with repository, package, log, or agent access. Because these appear to be real-looking live tokens, an attacker could use them to access external services, consume paid API quotas, retrieve or modify data, or pivot into connected workflows.

VirusTotal

No VirusTotal findings

View on VirusTotal

Static analysis

No suspicious patterns detected.