public-dot-com

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed Public.com brokerage integration, but it can access account data and place or cancel real orders, so it should only be used with deliberate user control.

Install only if you intend to let OpenClaw access your Public.com brokerage account. Use the least-privileged API key or a test account when possible, preinstall and review publicdotcom-py before live use, keep explicit human confirmation before every trade or cancellation, and avoid running the options automation examples unattended with real funds.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Behavioral AST: exec() Call, eval() Call, Dynamic Import
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
Findings (38)

subprocess module call

Medium
Category
Dangerous Code Execution
Content
from public_api_sdk.auth_config import ApiKeyAuthConfig
except ImportError:
    print("Installing required dependency: publicdotcom-py...")
    subprocess.check_call([sys.executable, "-m", "pip", "install", "publicdotcom-py==0.1.8"])
    from public_api_sdk import PublicApiClient, PublicApiClientConfiguration
    from public_api_sdk.auth_config import ApiKeyAuthConfig
Confidence
96% confidence
Finding
subprocess.check_call([sys.executable, "-m", "pip", "install", "publicdotcom-py==0.1.8"])

subprocess module call

Medium
Category
Dangerous Code Execution
Content
from public_api_sdk.auth_config import ApiKeyAuthConfig
except ImportError:
    print("Installing required dependency: publicdotcom-py...")
    subprocess.check_call([sys.executable, "-m", "pip", "install", "publicdotcom-py==0.1.8"])
    from public_api_sdk import PublicApiClient, PublicApiClientConfiguration
    from public_api_sdk.auth_config import ApiKeyAuthConfig
Confidence
91% confidence
Finding
subprocess.check_call([sys.executable, "-m", "pip", "install", "publicdotcom-py==0.1.8"])

subprocess module call

Medium
Category
Dangerous Code Execution
Content
from public_api_sdk.auth_config import ApiKeyAuthConfig
except ImportError:
    print("Installing required dependency: publicdotcom-py...")
    subprocess.check_call([sys.executable, "-m", "pip", "install", "publicdotcom-py==0.1.8"])
    from public_api_sdk import PublicApiClient, PublicApiClientConfiguration
    from public_api_sdk.auth_config import ApiKeyAuthConfig
Confidence
91% confidence
Finding
subprocess.check_call([sys.executable, "-m", "pip", "install", "publicdotcom-py==0.1.8"])

subprocess module call

Medium
Category
Dangerous Code Execution
Content
from public_api_sdk.auth_config import ApiKeyAuthConfig
except ImportError:
    print("Installing required dependency: publicdotcom-py...")
    subprocess.check_call([sys.executable, "-m", "pip", "install", "publicdotcom-py==0.1.8"])
    from public_api_sdk import (
        PublicApiClient,
        PublicApiClientConfiguration,
Confidence
97% confidence
Finding
subprocess.check_call([sys.executable, "-m", "pip", "install", "publicdotcom-py==0.1.8"])

subprocess module call

Medium
Category
Dangerous Code Execution
Content
from public_api_sdk.auth_config import ApiKeyAuthConfig
except ImportError:
    print("Installing required dependency: publicdotcom-py...")
    subprocess.check_call([sys.executable, "-m", "pip", "install", "publicdotcom-py==0.1.8"])
    from public_api_sdk import (
        PublicApiClient,
        PublicApiClientConfiguration,
Confidence
95% confidence
Finding
subprocess.check_call([sys.executable, "-m", "pip", "install", "publicdotcom-py==0.1.8"])

subprocess module call

Medium
Category
Dangerous Code Execution
Content
from public_api_sdk.auth_config import ApiKeyAuthConfig
except ImportError:
    print("Installing required dependency: publicdotcom-py...")
    subprocess.check_call([sys.executable, "-m", "pip", "install", "publicdotcom-py==0.1.8"])
    from public_api_sdk import (
        PublicApiClient,
        PublicApiClientConfiguration,
Confidence
94% confidence
Finding
subprocess.check_call([sys.executable, "-m", "pip", "install", "publicdotcom-py==0.1.8"])

subprocess module call

Medium
Category
Dangerous Code Execution
Content
from public_api_sdk.auth_config import ApiKeyAuthConfig
except ImportError:
    print("Installing required dependency: publicdotcom-py...")
    subprocess.check_call([sys.executable, "-m", "pip", "install", "publicdotcom-py==0.1.8"])
    from public_api_sdk import (
        PublicApiClient,
        PublicApiClientConfiguration,
Confidence
91% confidence
Finding
subprocess.check_call([sys.executable, "-m", "pip", "install", "publicdotcom-py==0.1.8"])

subprocess module call

Medium
Category
Dangerous Code Execution
Content
from public_api_sdk.auth_config import ApiKeyAuthConfig
except ImportError:
    print("Installing required dependency: publicdotcom-py...")
    subprocess.check_call([sys.executable, "-m", "pip", "install", "publicdotcom-py==0.1.8"])
    from public_api_sdk import PublicApiClient, PublicApiClientConfiguration
    from public_api_sdk.auth_config import ApiKeyAuthConfig
Confidence
90% confidence
Finding
subprocess.check_call([sys.executable, "-m", "pip", "install", "publicdotcom-py==0.1.8"])

subprocess module call

Medium
Category
Dangerous Code Execution
Content
from public_api_sdk.auth_config import ApiKeyAuthConfig
except ImportError:
    print("Installing required dependency: publicdotcom-py...")
    subprocess.check_call([sys.executable, "-m", "pip", "install", "publicdotcom-py==0.1.8"])
    from public_api_sdk import PublicApiClient, PublicApiClientConfiguration
    from public_api_sdk.auth_config import ApiKeyAuthConfig
Confidence
93% confidence
Finding
subprocess.check_call([sys.executable, "-m", "pip", "install", "publicdotcom-py==0.1.8"])

subprocess module call

Medium
Category
Dangerous Code Execution
Content
from public_api_sdk.auth_config import ApiKeyAuthConfig
except ImportError:
    print("Installing required dependency: publicdotcom-py...")
    subprocess.check_call([sys.executable, "-m", "pip", "install", "publicdotcom-py==0.1.8"])
    from public_api_sdk import PublicApiClient, PublicApiClientConfiguration
    from public_api_sdk.auth_config import ApiKeyAuthConfig
Confidence
96% confidence
Finding
subprocess.check_call([sys.executable, "-m", "pip", "install", "publicdotcom-py==0.1.8"])

subprocess module call

Medium
Category
Dangerous Code Execution
Content
from public_api_sdk.auth_config import ApiKeyAuthConfig
except ImportError:
    print("Installing required dependency: publicdotcom-py...")
    subprocess.check_call([sys.executable, "-m", "pip", "install", "publicdotcom-py==0.1.8"])
    from public_api_sdk import (
        PublicApiClient,
        PublicApiClientConfiguration,
Confidence
95% confidence
Finding
subprocess.check_call([sys.executable, "-m", "pip", "install", "publicdotcom-py==0.1.8"])

subprocess module call

Medium
Category
Dangerous Code Execution
Content
from public_api_sdk.auth_config import ApiKeyAuthConfig
except ImportError:
    print("Installing required dependency: publicdotcom-py...")
    subprocess.check_call([sys.executable, "-m", "pip", "install", "publicdotcom-py==0.1.8"])
    from public_api_sdk import (
        PublicApiClient,
        PublicApiClientConfiguration,
Confidence
89% confidence
Finding
subprocess.check_call([sys.executable, "-m", "pip", "install", "publicdotcom-py==0.1.8"])

subprocess module call

Medium
Category
Dangerous Code Execution
Content
from public_api_sdk.auth_config import ApiKeyAuthConfig
except ImportError:
    print("Installing required dependency: publicdotcom-py...")
    subprocess.check_call([sys.executable, "-m", "pip", "install", "publicdotcom-py==0.1.8"])
    from public_api_sdk import (
        PublicApiClient,
        PublicApiClientConfiguration,
Confidence
94% confidence
Finding
subprocess.check_call([sys.executable, "-m", "pip", "install", "publicdotcom-py==0.1.8"])

Lp3

Medium
Category
MCP Least Privilege
Confidence
92% confidence
Finding
The skill declares access to environment secrets, file reads, and shell execution behavior but does not expose an explicit permissions model to constrain or communicate those capabilities. In a brokerage skill, that combination is sensitive because shell commands and secret access can affect real financial accounts and user data, increasing the blast radius if the skill is misused or invoked unexpectedly.

Context-Inappropriate Capability

Medium
Confidence
98% confidence
Finding
A brokerage skill should not need to modify the host environment by downloading and installing packages at runtime, especially immediately before performing account actions. In this context, the behavior is more dangerous because the script handles brokerage credentials and account operations, so a compromised or substituted package could steal secrets, tamper with trades, or alter account requests.

Context-Inappropriate Capability

Medium
Confidence
95% confidence
Finding
This skill is for interacting with a brokerage account, but it includes the ability to install a Python package at runtime, which is unnecessary for the business function and introduces arbitrary external code retrieval during execution. In a financial-account context, this is more sensitive because the same process handles API secrets and account data, so a compromised dependency or package source could expose credentials or manipulate account-related operations.

Context-Inappropriate Capability

Medium
Confidence
96% confidence
Finding
Auto-installing a Python package at runtime is a genuine security issue because it performs package management as part of a brokerage-history retrieval script, which is unrelated privileged behavior. In the context of a financial-account skill, silently fetching and executing third-party code is more concerning because users may run it in environments containing brokerage credentials and account data.

Context-Inappropriate Capability

Medium
Confidence
95% confidence
Finding
A brokerage lookup skill should not need the capability to install software dynamically during normal execution. This expands the attack surface significantly because package retrieval and installation can introduce malicious or compromised code into an environment that also holds brokerage API credentials.

Context-Inappropriate Capability

Medium
Confidence
97% confidence
Finding
Installing a Python package at runtime gives this brokerage-related script package-management behavior unrelated to its stated purpose. In the context of a skill that handles brokerage credentials and account access, unexpected dependency installation is more dangerous because it adds a path for executing third-party code in the same environment as sensitive secrets.

Context-Inappropriate Capability

Medium
Confidence
96% confidence
Finding
Installing a package during execution is not necessary to fulfill the brokerage account interaction purpose and introduces avoidable supply-chain risk. In this context, the skill handles brokerage credentials and account access, so dynamically pulling code from package infrastructure is more sensitive than in a low-trust or non-financial script.

Context-Inappropriate Capability

Medium
Confidence
95% confidence
Finding
Installing `publicdotcom-py` at runtime is not necessary for the business logic of fetching option expirations and expands the attack surface by permitting code retrieval and execution from the package ecosystem at run time. In the context of a brokerage skill, this is more concerning because the script also accesses API secrets and account identifiers, so any compromised dependency or package-resolution issue could expose sensitive financial data or alter behavior.

Context-Inappropriate Capability

Medium
Confidence
93% confidence
Finding
Installing a Python package at runtime is not necessary for the core function of retrieving option greeks and creates an avoidable code-execution path through package installation. In the context of a skill that handles brokerage credentials and account identifiers, this is more concerning because a compromised or substituted dependency could gain access to sensitive financial data or influence subsequent API interactions.

Context-Inappropriate Capability

Medium
Confidence
96% confidence
Finding
Installing a Python package at runtime is not necessary for simply retrieving brokerage orders and creates an unnecessary code-execution path. In this skill context, the script accesses brokerage credentials and account identifiers, so any compromise of the package supply chain or package resolution process could expose sensitive financial data or alter behavior in a high-trust environment.

Context-Inappropriate Capability

Medium
Confidence
98% confidence
Finding
Installing a Python package during execution is not necessary for simply viewing a portfolio and introduces avoidable supply-chain and execution risk. Because this skill handles brokerage access, any compromised dependency or package-resolution issue could expose secrets or alter financial data handling in a sensitive environment.

Context-Inappropriate Capability

Medium
Confidence
97% confidence
Finding
A brokerage quote skill should fetch market data, not modify the local Python environment. Installing packages during execution expands the script's capabilities beyond its stated purpose and can execute unreviewed third-party code, which is especially concerning in an agent skill context where tools may run with ambient credentials or broad host access.

VirusTotal

64/64 vendors flagged this skill as clean.
