Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

VN Stock Scanner

Vietnamese stock market analysis expert (VN-Index, HoSE, HNX, UPCoM). Use it to GET STOCK MARKET NEWS (CafeF updates, rumors, news of chairmen buying/selling, ch...

MIT-0 · Free to use, modify, and redistribute. No attribution required.
0 · 32 · 0 current installs · 0 all-time installs
by Do Van Hoang @hoanghust2003
Security Scan
VirusTotal: Suspicious
OpenClaw: Benign (medium confidence)
Purpose & Capability
The name/description (CafeF news + TCBS ticker data) match the included script and SKILL.md instructions: the script fetches CafeF RSS and a TCBS public API. Minor oddity: SKILL.md instructs running a hard-coded absolute path (/home/hoang/.openclaw/...), while the packaged file sits at scripts/scanner.py — this path may not exist in other runtimes and is unnecessary for the stated purpose.
Instruction Scope
Instructions are narrowly scoped to two actions (news and ticker) and tell the agent to exec the included script and use its JSON output. They do not request extra files, credentials, or unrelated system data. Caveat: the instructions specify executing a fixed absolute path which is environment-specific; running the script is required for functionality.
Install Mechanism
No install spec — instruction-only with an included Python script. This is low-risk from an installation perspective because nothing is downloaded or written at install time.
Credentials
The skill requests no environment variables or credentials (proportionate). The script only makes outbound HTTP(S) calls to expected endpoints. Security concern: the code disables SSL verification (requests.get(..., verify=False) and urllib3.disable_warnings), which weakens transport security and could allow MITM tampering of fetched data.
Persistence & Privilege
always:false and no code that modifies system or other skills. The skill does not request persistent privileges or modify global configuration.
Assessment
This skill appears to do what it says: fetch CafeF RSS items and call a TCBS public API, then return structured JSON for the agent to use. Before installing, check two things: (1) SKILL.md uses a hard-coded path (/home/hoang/.openclaw/...); confirm the agent runtime can locate and execute scripts/scanner.py or update the path to the actual installation location. (2) The script disables SSL verification (verify=False) — consider removing that (use verify=True) to avoid MITM risk. No credentials are requested and no unrelated system files are accessed, so the principal risks are operational (path mismatch, weaker TLS). If you want extra safety, run it on-demand (not always-enabled) and review/modify the script to enable certificate verification and to use relative paths or the runtime's canonical skill path.


Current version: v1.0.0
latest: vk97347g12whfy08mv29hfhzyhh833pg7


SKILL.md

VN Stock Scanner

This is an Agent Skill designed specifically for the Vietnamese stock market, pulling data directly from reputable sources such as CafeF and a securities company's API (TCBS).

1. Look up stock ticker information (Ticker Info)

When the user asks about a stock ticker (e.g. "Analyze ticker FPT", "How are VCB's indicators?"):

  • Extract the stock ticker: for example FPT, VCB, HPG.
  • Use the exec tool to run the command, with <mã_cổ_phiếu> replaced by the ticker:
    python3 /home/hoang/.openclaw/workspace/vn-stock-scanner/scripts/scanner.py ticker --ticker <mã_cổ_phiếu>
    
  • Use the returned information (P/E, P/B, EPS, dividend yield...) to answer the user and give a brief assessment.

2. Scan news and rumors (News & Rumor Scanner)

When the user asks "Is there any hot stock market news?", "Find rumors", "Chairman registering to buy or sell":

  • Identify the keywords the user cares about. If the user wants general news, leave the keywords empty. If the user wants news about insider buying/selling, pass keywords="mua,bán,chủ tịch,đăng ký" (buy, sell, chairman, register).
  • Use the exec tool to run the command, with <từ_khóa> replaced by the keywords:
    python3 /home/hoang/.openclaw/workspace/vn-stock-scanner/scripts/scanner.py news --keywords "<từ_khóa>"
    
  • Filter the returned news items and reformat them concisely to send to the user. Give an objective assessment of the impact of this news on the market (Positive/Negative/Neutral).

Files

2 total