Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Fund Trading Clawhub
v1.0.2 · Live fund trading tool supporting account management, fund queries, subscription/redemption, and asset queries
by weiqt@weitom0902
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan (OpenClaw): Suspicious, medium confidence
Purpose & Capability
Name/description (fund trading, account management, fund queries, subscribe/redeem) align with the provided Python CLI which implements register, token fetch, list/detail, subscribe/redeem, position, orders, etc. Requiring python3 is appropriate. However the SKILL metadata declares OPENAPI_URL as the primary credential/endpoint but the script defines a hardcoded API_ENDPOINT (http://127.0.0.1:8080/openApi) and does not obviously use the declared OPENAPI_URL — this mismatch is unexpected.
Instruction Scope
SKILL.md instructs use of an API service (default OPENAPI_URL = https://openapi.nicaifu.com/openApi) and describes secure behavior (OAuth + token caching/encryption). The visible script calls APIs and persists account credentials/tokens to ~/.config/opencode/skills/fund-trading/data/config.json. The changelog/README claim token local encryption, but the shown save_config uses json.dump (plain JSON) with no encryption. That is a contradiction: the skill promises encrypted local storage but appears to store secrets in plaintext.
Install Mechanism
No install spec (instruction-only skill) and only requires python3. A single Python script is provided; there are no remote downloads or extract/install steps in the bundle, which is low risk from install mechanics.
Credentials
The package metadata and SKILL.md declare OPENAPI_URL as the primaryEnv and show it in the environment table, but the code (as shown) hardcodes API_ENDPOINT and does not appear to read OPENAPI_URL from the environment. Also, required env vars list is empty despite primaryEnv being declared — that inconsistency is suspicious. The script stores client_id/client_secret and access tokens locally; these secrets are required for the skill purpose, but the misrepresented storage/encryption reduces proportionality/trust.
Persistence & Privilege
The skill persists account credentials and access tokens to a config file under the user's home directory (~/.config/opencode/skills/fund-trading/data/config.json). Persisting tokens and client secrets locally is expected for this functionality, but the repository's own documentation claims encrypted token storage while the code writes JSON plaintext. This persistence combined with the misrepresentation is a notable risk. The skill does not declare always: true and does not request system-wide privileges.
What to consider before installing
This skill appears to implement the advertised fund-trading CLI, but there are multiple inconsistencies you should resolve before trusting it with real credentials:
1) Confirm whether the script actually uses the OPENAPI_URL environment variable (SKILL.md claims it is primary) or whether it will default to a local API_ENDPOINT (127.0.0.1). If the code defaults to localhost you may be directed to an unexpected backend.
2) The README/changelog claim tokens are stored encrypted, but the shown save_config writes plain JSON; assume client_id/client_secret and access tokens are stored in plaintext unless the author proves otherwise.
3) Ask the author for the full, untruncated script and evidence of OPENAPI_URL usage and encryption, or inspect the full script yourself.
4) If you install, do so in an isolated environment and avoid putting production/real credentials into the skill until you confirm storage/encryption and endpoint behavior.
5) Prefer installing only from the published upstream repository URL (verify GitHub repo identity) and validate the package on PyPI/npm before use.
Runtime requirements
Bins: python3
Primary env: OPENAPI_URL
