Security audit

A股和港股股票分析助手 (A-share and Hong Kong stock analysis assistant)

Security checks across malware telemetry and agentic risk

Overview

This stock-monitoring skill is mostly coherent, but it can include personal holdings and profit/loss data in scheduled reports sent to a Feishu group without strong opt-in, preview, or redaction controls.

Review before installing. Use this skill only if you are comfortable storing portfolio and trade records under ~/.openclaw and can control scheduled Feishu delivery. Before enabling reports, verify the recipient group, preview the exact content, and avoid sending holdings, cost basis, P/L, or trade history unless that sharing is intentional.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (9)

Context-Inappropriate Capability
Severity: Medium
Confidence: 91%
Finding: The prompt explicitly instructs the agent to read local files containing the user's stock pool and position data, which are sensitive portfolio artifacts. Even though the skill is about stock monitoring, accessing arbitrary local files extends the skill into handling private financial data and creates an unnecessary data-exposure surface if the access is not clearly declared, consented to, and constrained.

Context-Inappropriate Capability
Severity: Medium
Confidence: 93%
Finding: The prompt directs the agent to send generated reports to a Feishu group chat, which is an outbound data-transfer capability not reflected in the manifest. Because the reports are built from local holdings and market analysis, this creates a realistic risk of unauthorized disclosure of sensitive portfolio information to external recipients.

Description-Behavior Mismatch
Severity: Medium
Confidence: 91%
Finding: The skill's stated purpose is stock monitoring/analysis, but this code also creates and mutates persistent portfolio and trade records under ~/.openclaw. That broadens the skill from read-only analysis into local state modification involving sensitive financial data, which can surprise users and create privacy and integrity risk if invoked by an agent without explicit consent.

Context-Inappropriate Capability
Severity: Medium
Confidence: 88%
Finding: These functions implement portfolio accounting and trade bookkeeping, which exceeds a generic stock-monitoring skill and introduces handling of sensitive financial records. In an agent setting, hidden bookkeeping capabilities can be abused to alter or fabricate local portfolio state, misleading the user or contaminating later analyses.

Missing User Warnings
Severity: Medium
Confidence: 94%
Finding: The skill's workflow includes pushing generated reports to a Feishu group chat while also reading local position and trade-history files that may contain sensitive personal financial information. Without an explicit consent step, redaction policy, or warning, the skill could unintentionally disclose portfolio holdings, costs, P&L, and trading activity to unintended recipients.

Missing User Warnings
Severity: Medium
Confidence: 91%
Finding: The document explicitly describes sending generated reports to a Feishu group/channel, and elsewhere indicates those reports are derived from stock pools, positions, trades, and alerts stored under ~/.openclaw. That creates a real confidentiality risk because potentially sensitive portfolio and monitoring data may be transmitted to an external collaboration platform without any warning, consent step, audience-restriction guidance, or data-minimization note.

Missing User Warnings
Severity: Low
Confidence: 84%
Finding: The scheduled task flow includes a web_fetch step that queries external search engines using stock name/code keywords. Even if the queries seem market-related, they can still reveal a user's watchlist, positions of interest, or research intent to third-party services, and the documentation does not disclose this outbound network traffic or its privacy implications.

Missing User Warnings
Severity: Medium
Confidence: 90%
Finding: The code writes persistent position data to local disk without any user-facing warning or consent flow. Silent writes of financial state are risky because users may not realize an analysis skill is modifying files, and other local tools or future runs may trust that persisted data.

Missing User Warnings
Severity: Medium
Confidence: 93%
Finding: Trade history is persisted locally without disclosure even though it contains sensitive financial activity, including symbols, quantities, prices, notes, and timestamps. Unauthorized or unexpected storage increases privacy exposure and can create a durable record that other local processes or users may access.

VirusTotal

65/65 vendors flagged this skill as clean.

Static analysis

No suspicious patterns detected.