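Stock quant assistant: fetches quantitative timing charts for individual stocks, provides market analysis for individual stocks, and sends notifications when the buy/sell points of monitored stocks change.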

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed stock-analysis integration, but it stores service API keys locally and sends them to the provider for authenticated stock queries and monitoring.

Install only if you trust yingyan.chatface.com with your OpenClaw and monitoring API keys. Keep config.json private, do not commit or share it, avoid exposing URLs that include apikey, rotate keys if they may have leaked, and stop any WebSocket monitoring session when you no longer need live stock signals.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (9)

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The skill explicitly instructs the agent to persist sensitive API credentials to a local config.json file and does not require any user-facing warning, consent step, encryption, or storage-hardening controls. Persisting secrets across sessions increases the chance of accidental disclosure through filesystem access, backups, logs, repo inclusion, or other skills/processes reading the same directory.

Missing User Warnings

Medium
Confidence
87% confidence
Finding
The examples instruct the agent to persist API credentials in a local config.json file and automatically reuse them, but they do not include any warning about secure local storage, file permissions, or avoiding accidental exposure through logs, backups, or source control. For a skill that handles real user secrets, this omission increases the chance of credential leakage through normal operational mistakes.

Missing User Warnings

Medium
Confidence
83% confidence
Finding
The examples show sending user_id and API keys to external HTTP and WebSocket endpoints as part of normal operation, but they do not clearly warn users that secrets will be transmitted to a third-party service. In a skill that automates these calls, lack of transparency and consent can lead to unintended disclosure of credentials or use of the wrong key in the wrong channel.

Missing User Warnings

Medium
Confidence
97% confidence
Finding
Passing API keys in query parameters is risky because URLs are commonly exposed through logs, browser history, intermediary proxies, monitoring tools, and referrer leakage. In this skill context, the spec explicitly places credentials in GET query strings for authenticated requests, increasing the chance that long-lived stock service keys are accidentally disclosed during normal operation.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The documentation explicitly instructs the agent to write user-provided credentials back into config.json, but does not require an explicit consent flow or warning about local secret persistence. This creates a real risk of inadvertent credential retention, later disclosure through logs/files, or reuse across sessions by other users or tools with filesystem access.

Ssd 3

Medium
Confidence
97% confidence
Finding
The instructions require storing user-provided API credentials in config.json for reuse across sessions, which creates a standing secret on disk. A persistent plaintext credential materially expands exposure if the workspace is shared, synced, backed up, inspected by another tool, or later exfiltrated by prompt injection or unrelated file-access behavior.

Ssd 3

Medium
Confidence
91% confidence
Finding
The skill explicitly directs persistent storage of user-provided credentials in config.json and automatic reuse across sessions. Persisting secrets in a general project file materially increases exposure risk if the workspace is shared, backed up, inspected by other tools, or accidentally checked into version control.

Ssd 3

Medium
Confidence
90% confidence
Finding
The credential update flow tells the agent to overwrite and save new secret values back to persistent storage. This creates a repeated secret-handling path that can silently retain stale or newly pasted credentials, increasing the blast radius of compromise and the chance of accidental exposure through file access or debugging artifacts.

Ssd 3

Medium
Confidence
96% confidence
Finding
The skill instructs the agent to persist conversationally supplied API keys and user IDs into config.json, creating a durable natural-language-to-secret-storage path. In an agent environment, this is dangerous because secrets shared in chat may be silently retained on disk and later exposed through workspace access, backups, debugging, or unrelated tooling that reads the same directory.

VirusTotal

65/65 vendors flagged this skill as clean.
