Stock Monitor

Pass

Audited by VirusTotal on May 10, 2026.

Overview

Type: OpenClaw Skill
Name: stock-monitor
Version: 1.3.0

The skill is classified as suspicious because of a potential prompt-injection pattern in its `SKILL.md` file. The `openclaw cron add` command it documents includes a `--message` argument that instructs the AI agent to "运行 python3 ~/.openclaw/workspace/skills/stock-monitor/scripts/stocks_monitor.py 并把输出发给我" (run python3 ... and send me the output). The command run here is benign (it executes the skill's own script), but the pattern is risky: the agent acts on whatever natural-language instruction the scheduled `--message` carries, so anyone able to alter that message, or the SKILL.md text the user copies it from, could steer the agent into running arbitrary commands. The Python scripts themselves (`scripts/stocks_monitor.py`, `scripts/futu_stocks_monitor.py`) appear benign: they perform stock-monitoring functions, read the expected local configuration and state files, and talk to known financial APIs (Yahoo Finance and a local Futu OpenD instance), with no evidence of data exfiltration or unauthorized access.

Findings (0)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

If this optional script is run, a brokerage or market-data unlock password may be stored in a local JSON config and sent to the configured Futu service host.

Why it was flagged

This bundled script can read a Futu/OpenD unlock password from configuration and use it, while the skill description emphasizes Yahoo Finance and the requirements declare no primary credential.

Skill content
unlock_password = futu_config.get("unlock_password", "")
if unlock_password:
    ret = quote_ctx.unlock_market(password=unlock_password, unlock=True)
Recommendation

Declare the Futu integration and credential requirement clearly, document the exact config path and host behavior, avoid storing passwords in plain JSON, and require explicit user approval before using any Futu password.
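The snippet above uses whatever `unlock_password` it finds in the JSON config. The following is an added example, not code from the skill, showing the two controls the recommendation asks for: the password is taken from the environment rather than the config file (a plaintext `unlock_password` in the JSON is refused, not used), and the unlock call is only made when an explicit approval flag is also set. The environment variable names, the `RecordingContext` stand-in for the Futu quote context, and the `0` return value (assumed to mirror futu's `RET_OK`) are choices made for this example.

```python
from typing import Mapping, Optional

# All names below are choices made for this example, not part of the skill.
PASSWORD_ENV = "FUTU_UNLOCK_PASSWORD"    # secret comes from the environment
APPROVAL_ENV = "FUTU_UNLOCK_APPROVED"    # must be exactly "yes" to permit unlock
PLAINTEXT_KEY = "unlock_password"        # the JSON key the scan found in use


class UnlockRefused(RuntimeError):
    """The unlock must not proceed; the message says why."""


def resolve_unlock_password(futu_config: Mapping[str, object],
                            environ: Mapping[str, str]) -> Optional[str]:
    """Return the unlock password from the environment, or None if unset.

    A plaintext password inside the JSON config is rejected instead of used,
    so a leaked or backed-up config file can never also leak the secret.
    """
    if futu_config.get(PLAINTEXT_KEY):
        raise UnlockRefused(
            f"refusing plaintext {PLAINTEXT_KEY!r} in config; "
            f"export {PASSWORD_ENV} instead")
    return environ.get(PASSWORD_ENV) or None


def unlock_market_if_approved(quote_ctx, futu_config: Mapping[str, object],
                              environ: Mapping[str, str]):
    """Call quote_ctx.unlock_market only with a password AND explicit approval.

    quote_ctx is duck-typed: anything with the unlock_market(password=..., unlock=...)
    method the skill calls. Returns None when there is nothing to unlock
    (read-only quote access), otherwise whatever unlock_market returned.
    """
    password = resolve_unlock_password(futu_config, environ)
    if password is None:
        return None
    if environ.get(APPROVAL_ENV) != "yes":
        raise UnlockRefused(
            f"{PASSWORD_ENV} is set but {APPROVAL_ENV}=yes was not given; "
            "not unlocking")
    return quote_ctx.unlock_market(password=password, unlock=True)


def refuses(quote_ctx, futu_config, environ) -> bool:
    """True if the unlock is refused for this config/environment, else False."""
    try:
        unlock_market_if_approved(quote_ctx, futu_config, environ)
    except UnlockRefused:
        return True
    return False


class RecordingContext:
    """Offline stand-in for the Futu quote context; records unlock calls."""

    def __init__(self):
        self.calls = []

    def unlock_market(self, password, unlock):
        self.calls.append((password, unlock))
        return 0    # assumed to mirror futu's RET_OK; not verified here


if __name__ == "__main__":
    ctx = RecordingContext()
    # Constructed inputs: a config that still carries a plaintext password,
    # and an environment that supplies the secret plus the approval flag.
    print(refuses(ctx, {"unlock_password": "hunter2"}, {}))           # True
    print(unlock_market_if_approved(ctx, {}, {}))                     # None
    print(unlock_market_if_approved(
        ctx, {}, {PASSWORD_ENV: "s3cret", APPROVAL_ENV: "yes"}))     # 0
    print(ctx.calls)                                                  # [('s3cret', True)]
```

In the real script `environ` would be `os.environ` and `quote_ctx` the futu context; the point is that a config file alone can never trigger an unlock, and a password alone cannot either.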

What this means

Stock alerts may continue running and posting to Discord until the cron job is removed.

Why it was flagged

The skill instructs the user to create a recurring background task that runs every five minutes and sends the script output to Discord.

Skill content
openclaw cron add --name "股票监控" --cron "*/5 * * * *" ... --message "运行 python3 ... 并把输出发给我" --channel discord
Recommendation

Only add the cron job if you want ongoing monitoring, use a private channel, and remove or pause the scheduled task when it is no longer needed.

What this means

Your watched stocks and alert history may reveal financial interests or holdings if the workspace memory is shared, backed up, or later reused.

Why it was flagged

The skill stores stock symbols, base prices, and alert state in OpenClaw's workspace memory area.

Skill content
Create the config file `~/.openclaw/workspace/memory/stocks_config.json` ... the script automatically saves its monitoring state in `~/.openclaw/workspace/memory/stocks_alert.json`
Recommendation

Keep the workspace private, avoid storing unnecessary sensitive portfolio details, and delete the config/state files when you no longer need monitoring.

What this means

The optional Futu script may fail or prompt users to install an undeclared package whose version and provenance are not pinned by this skill.

Why it was flagged

A bundled script imports the external futu package, but the registry requirements and install specification do not declare any dependency or installation guidance for it.

Skill content
from futu import *
Recommendation

Document optional dependencies, pin package versions where possible, and remove unused helper scripts if they are not part of the advertised skill.
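A bare `from futu import *` either works or fails with a traceback, and says nothing about which version is expected. The following is an added example, not code from the skill, of how the optional script could check the dependency against a declared pin before importing it and fail with the exact install command otherwise. It assumes the `futu` module is published on PyPI as the `futu-api` distribution; the `>=9.0.0` pin is chosen here, since the skill declares none, and `fake_version_lookup` exists only so the check can be exercised without the package installed.

```python
import importlib
import importlib.metadata
from typing import Callable, Dict

# Assumptions for this example: the `futu` module ships in the PyPI
# distribution `futu-api`, and the pin is chosen here; the skill pins nothing.
DIST_NAME = "futu-api"
IMPORT_NAME = "futu"
PIN = ">=9.0.0"

VersionLookup = Callable[[str], str]


def _parse_version(text: str) -> tuple:
    """'9.1.5' -> (9, 1, 5); only the leading digits of each part count,
    so suffixes such as 'rc1' are ignored."""
    parts = []
    for piece in text.split("."):
        digits = ""
        for ch in piece:
            if not ch.isdigit():
                break
            digits += ch
        parts.append(int(digits) if digits else 0)
    return tuple(parts)


def _padded(a: tuple, b: tuple):
    """Right-pad both tuples with zeros so '9.0' compares equal to '9.0.0'."""
    width = max(len(a), len(b))
    return a + (0,) * (width - len(a)), b + (0,) * (width - len(b))


def version_satisfies(installed: str, spec: str) -> bool:
    """Check an installed version against a spec of the form '==X.Y.Z' or '>=X.Y.Z'."""
    op, wanted = spec[:2], spec[2:].strip()
    have, want = _padded(_parse_version(installed), _parse_version(wanted))
    if op == "==":
        return have == want
    if op == ">=":
        return have >= want
    raise ValueError(f"unsupported version spec {spec!r}")


def optional_dependency_status(dist_name: str, spec: str,
                               version_of: VersionLookup = importlib.metadata.version
                               ) -> Dict[str, object]:
    """Describe whether dist_name is installed and whether it satisfies spec.

    version_of is injectable so the check can run without the real package;
    the default consults the installed distribution metadata.
    """
    hint = f"pip install '{dist_name}{spec}'"
    try:
        installed = version_of(dist_name)
    except importlib.metadata.PackageNotFoundError:
        return {"installed": False, "version": None, "ok": False, "hint": hint}
    ok = version_satisfies(installed, spec)
    return {"installed": True, "version": installed, "ok": ok,
            "hint": None if ok else hint}


def import_optional(dist_name: str = DIST_NAME, import_name: str = IMPORT_NAME,
                    spec: str = PIN,
                    version_of: VersionLookup = importlib.metadata.version):
    """Import an optional dependency only after its pin has been verified.

    Replaces a bare `from futu import *`: a missing or wrong-version package
    yields one ImportError carrying the exact install command, instead of a
    traceback or an unpinned ad-hoc install.
    """
    status = optional_dependency_status(dist_name, spec, version_of)
    if not status["ok"]:
        raise ImportError(
            f"optional dependency {dist_name} {spec} not satisfied "
            f"(installed: {status['version']}); run: {status['hint']}")
    return importlib.import_module(import_name)


def fake_version_lookup(table: Dict[str, str]) -> VersionLookup:
    """Build a version_of stand-in from a constructed {distribution: version} table."""
    def lookup(name: str) -> str:
        if name not in table:
            raise importlib.metadata.PackageNotFoundError(name)
        return table[name]
    return lookup


if __name__ == "__main__":
    # Constructed environments: one with a suitable futu-api, one without it.
    print(optional_dependency_status(DIST_NAME, PIN, fake_version_lookup({DIST_NAME: "9.1.5"})))
    print(optional_dependency_status(DIST_NAME, PIN, fake_version_lookup({})))
```

The same `spec` string belongs in the skill's declared requirements, so the registry, the install guidance and the runtime check all agree on one pinned version.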