Security audit

Concrete Stock Daily Reporter

Security checks across malware telemetry and agentic risk

Overview

This stock-reporting skill mostly matches its purpose, but it can send a user's report to a hard-coded Feishu recipient and includes optional persistent scheduling.

Review before installing. Replace or remove the hard-coded Feishu target in send_report.sh, confirm the exact recipient before any send, and do not enable the cron entry until the stock arguments and recipient are correct. Treat generated reports as potentially sensitive investment-interest data, and consider fixing the scripts to use verified HTTPS for market data.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Rogue Agent: Self-Modification, Session Persistence
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
Findings (9)

Lp3

Medium
Category
MCP Least Privilege
Confidence
88% confidence
Finding
The skill explicitly requires outbound network access to third-party market-data services, yet no permissions are declared. This creates an authorization and transparency gap: operators and users cannot accurately assess or constrain what external communication the skill performs, which is risky in an agent setting.

Tp4

High
Category
MCP Tool Poisoning
Confidence
94% confidence
Finding
The skill description understates several impactful behaviors: contacting external finance APIs, sending messages to Feishu, and writing logs to local storage. This mismatch is dangerous because users may invoke a seemingly simple reporting skill without realizing it can exfiltrate report contents, persist artifacts, and establish operational behavior beyond passive report generation.

Description-Behavior Mismatch

Medium
Confidence
96% confidence
Finding
The script unconditionally sends the generated stock report to a hard-coded Feishu recipient, regardless of who invoked it or whether the user intended that destination. This creates a clear data exfiltration/privacy risk because user-provided watchlists and generated market analysis are transmitted to a preconfigured external identity without per-use consent or recipient validation.

Context-Inappropriate Capability

Medium
Confidence
94% confidence
Finding
The code has built-in capability to deliver generated content to a fixed third-party Feishu account, but this outbound data flow is not reflected in the described skill behavior. Hidden or undocumented external transmission is dangerous because users and operators cannot make informed trust decisions, and sensitive financial interest information may be disclosed unexpectedly.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The instructions tell the operator to edit a local code file and modify cron without clearly warning that these actions change persistent local system state. In an agent environment, hidden state-changing steps can lead to unintended file modifications, durable task scheduling, and harder-to-audit behavior.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The script sends user-selected stock identifiers to a third-party Eastmoney endpoint over plain HTTP, which exposes request contents to network observers and allows tampering with returned market data. In addition, the skill provides no user-facing disclosure that watchlist contents are being transmitted to external providers, creating a privacy and transparency issue even if the identifiers are not highly sensitive on their own.

Missing User Warnings

Medium
Confidence
97% confidence
Finding
The script sends report contents to Feishu without any user-facing warning, approval prompt, or visible indication that data leaves the local workflow. In the context of a stock-reporting skill, this is more dangerous because watchlists and trading interests can reveal sensitive financial preferences or strategies to an unintended third party.

Session Persistence

Medium
Category
Rogue Agent
Content
```bash
# View current scheduled tasks
crontab -l

# Edit scheduled tasks (send daily at 08:30)
crontab -e
```
Confidence
97% confidence
Finding
crontab -l

Session Persistence

Medium
Category
Rogue Agent
Content
```bash
crontab -l

# Edit scheduled tasks (send daily at 08:30)
crontab -e
# Add: 30 8 * * * /root/.openclaw/workspace/skills/stock-daily-report/scripts/send_report.sh >> /tmp/stock_report.log 2>&1
```
Confidence
99% confidence
Finding
crontab -e

VirusTotal

66/66 vendors flagged this skill as clean.

Static analysis

Detected: suspicious.insecure_tls_verification

HTTPS certificate verification is disabled.

Warn
Code
suspicious.insecure_tls_verification
Location
scripts/daily_report.py:57