Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Fund Advisor
v1.0.0场外公募基金配置顾问 Agent Skill,具备10年实战投资经验的资深理财经理角色,提供基金数据查询、组合配置、风险评估、市场监控、投资教育等一站式专业理财服务。支持 web-search、document-generation、knowledge、feishu-message 四大技能集成。
⭐ 0· 27·0 current·0 all-time
by@xikal
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious
medium confidencePurpose & Capability
The skill's name, description, tools, and documented functions (fund data queries, report generation, Feishu notifications, local/ S3 storage) are coherent for a financial advisor agent. Declared runtime dependencies (coze-coding-dev-sdk, langchain, langgraph) are also plausible. However, the skill metadata claims no required environment variables or config paths, while SKILL.md and reference docs explicitly reference environment variables (COZE_WORKLOAD_IDENTITY_API_KEY, COZE_INTEGRATION_MODEL_BASE_URL, FEISHU_WEBHOOK_URL, COZE_WORKSPACE_PATH) and a configuration file (config/agent_llm_config.json). That mismatch between metadata and the actual instructions is an inconsistency that should be resolved.
Instruction Scope
The runtime instructions tell the agent to read a workspace config file (config/agent_llm_config.json), load and use model/API keys from environment or workload-identity, persist user data and diaries to /tmp, upload generated reports to S3 (via the document-generation client), and fetch integration credentials via coze_workload_identity (used to get Feishu webhook URLs). Those are normal for the advertised features, but they involve reading local config, using credential-retrieval APIs, and writing user data to filesystem and cloud—none of which were declared in the skill metadata. The instructions do not attempt to contact unknown/personal endpoints, but they do grant broad scope to access workspace configs, local files under /tmp, and cloud storage keys.
Install Mechanism
This is an instruction-only skill with no install script or remote downloads. That is lower risk. Declared Python/SDK dependencies are reasonable for an agent using coze-coding SDK, LangChain, and document-generation clients. No arbitrary URL downloads or extracted archives are present.
Credentials
Although the registry metadata declared no required environment variables or primary credential, the SKILL.md and reference docs require and use multiple runtime credentials and contextual env vars: COZE_WORKLOAD_IDENTITY_API_KEY and COZE_INTEGRATION_MODEL_BASE_URL (for model/API access), COZE_WORKSPACE_PATH (used to locate config), and retrieval of integration credentials (e.g., Feishu webhook) via coze_workload_identity. The skill also relies on S3 for report uploads (implicit cloud credentials). Asking for or using these credentials is explainable by the features (model calls, webhook sending, S3 uploads), but the omission from metadata is a material inconsistency: the skill will need access to credentials and integration secrets that were not declared up-front.
Persistence & Privilege
The skill does not request 'always: true' and is user-invocable (normal). It persists conversation memory via MemorySaver and writes user data (profiles, SIP plans, diaries) to /tmp and uploads reports to S3. Those behaviors are consistent with the service offered, but they imply storing potentially sensitive personal and financial information on local disk and cloud storage—users should confirm retention, encryption, and deletion policies. The skill also uses workload-identity APIs to fetch integration credentials, giving it capability to send notifications via configured webhooks if those credentials are present.
What to consider before installing
Things to check before installing or running:
1) Metadata mismatch: The published metadata lists no env vars or config paths, but SKILL.md requires COZE_WORKLOAD_IDENTITY_API_KEY, COZE_INTEGRATION_MODEL_BASE_URL, (optionally) COZE_WORKSPACE_PATH, and uses coze_workload_identity to fetch FEISHU webhook credentials. Ask the publisher to update metadata to accurately list required env vars and config paths.
2) Credentials & integrations: The skill will attempt to retrieve integration credentials (Feishu webhook) and use model/back-end APIs and S3 uploads. Only provide these secrets in a controlled environment. If you use workload-identity, verify which integration entries (e.g., 'integration-feishu-message') are accessible and limit their permissions.
3) Data storage & privacy: The agent saves user profiles, SIP plans, investment diaries to /tmp and uploads generated reports to S3 (pre-signed URLs). Confirm retention/cleanup policies, whether data is encrypted at rest, and which S3 buckets are used. If you cannot trust the publisher, run in an isolated environment or sandbox.
4) Operational scope: The skill reads config/agent_llm_config.json from a workspace path — ensure that file does not contain secrets you don’t want exposed to the skill. Consider using a dedicated workspace/config for this skill.
5) Runtime isolation: Because the skill calls external services and can send notifications, run it under least privilege (limit network access, restrict accessible integrations) until you have validated behavior.
6) Ask for clarification: Request the owner/source (author) to provide a homepage or contact and to correct metadata so required env vars / config paths / permissions are explicit. Also request documentation showing which S3 bucket and feishu integration are used and whether any telemetry or analytics endpoints are contacted.
Overall: the skill appears to implement the advertised advisor functionality, but the mismatch between metadata and the SKILL.md (especially around credentials, config file access, and storage) is a concrete security/operational concern—treat as suspicious until clarified and run in a controlled environment.Like a lobster shell, security has layers — review code before you run it.
latestvk97fa5884qqjhnxzzt36z6fqsh845b9t
License
MIT-0
Free to use, modify, and redistribute. No attribution required.