ClawHub

Capital Market Report

Security checks across malware telemetry and agentic risk

Overview

This skill is a coherent market-reporting workflow, but it uses local helper scripts, network news fetching, persistent report/cache files, and a rough cleanup command that users should review.

Install only if you are comfortable with the skill fetching public market/news data, running referenced local finance helper skills, and storing report/cache files under ~/.openclaw. Review or disable the cleanup command before use if report history matters, because the shown rm pattern can remove generated report files without a preview or age check.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Tool MisuseTool Parameter Abuse, Chaining Abuse, Unsafe Defaults
  • Rogue AgentSelf-Modification, Session Persistence
  • Behavioral ASTexec() Call, eval() Call, Dynamic Import
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
Findings (8)

subprocess module call

Medium
Category
Dangerous Code Execution
Content
cmd = f"uv run {script_path} {' '.join(all_codes)}"
    
    try:
        result = subprocess.run(cmd, shell=True, capture_output=True, text=True, timeout=30)
        # 解析输出 - 按顺序匹配
        lines = result.stdout.strip().split('\n')[2:]  # 跳过表头
        data = {}
Confidence
96% confidence
Finding
result = subprocess.run(cmd, shell=True, capture_output=True, text=True, timeout=30)

subprocess module call

Medium
Category
Dangerous Code Execution
Content
cmd = f"uv run {script_path} {symbol}"
    
    try:
        result = subprocess.run(cmd, shell=True, capture_output=True, text=True, timeout=30)
        # 解析: "Bitcoin (BTC): $67,947.09"
        line = result.stdout.strip()
        if "$" in line:
Confidence
97% confidence
Finding
result = subprocess.run(cmd, shell=True, capture_output=True, text=True, timeout=30)

Description-Behavior Mismatch

Medium
Confidence
93% confidence
Finding
The skill instructs destructive deletion of report files as part of normal operation, which exceeds simple report generation and scanning. Even if intended as retention management, embedding deletion in mandatory workflow can cause loss of historical data and makes the skill capable of harmful file operations if path handling is ever broadened or misapplied.

Context-Inappropriate Capability

Medium
Confidence
94% confidence
Finding
Destructive file retention is not clearly necessary to generate a capital market report, so granting or encouraging this behavior expands the skill's attack surface beyond its stated purpose. In a tool-executing environment, unnecessary deletion instructions normalize dangerous operations and can be repurposed to erase user data or evidence of prior outputs.

Description-Behavior Mismatch

Medium
Confidence
95% confidence
Finding
The script creates a persistent cache directory under the user's home directory and later writes both cached news items and generated reports to disk, even though the skill description emphasizes scanning/report generation rather than durable local retention. Persisting externally sourced content can expose browsing or research history, accumulate unbounded sensitive business intelligence, and violate user expectations or platform isolation assumptions.

Missing User Warnings

Medium
Confidence
97% confidence
Finding
The skill mandates `rm memory/capital_market_report_*.md` without any warning, preview, or confirmation, which is unsafe because shell globbing can delete multiple files irreversibly. In an agent context, automatic execution of destructive commands is especially risky because users may not realize historical reports will be removed as a side effect of generating a new one.

Session Persistence

Medium
Category
Rogue Agent
Content
```bash
# 文件名格式:capital_market_report_YYYYMMDD_HHMM.md
# 示例输出:
write ~/.openclaw/workspace-group/memory/capital_market_report_20260515_1500.md
```

- ⛔ 此步骤不可跳过。未成功存盘则不得输出报告。
Confidence
87% confidence
Finding
write ~/.openclaw

Tool Parameter Abuse

High
Category
Tool Misuse
Content
```

- ⛔ 此步骤不可跳过。未成功存盘则不得输出报告。
- 存盘后立即执行:删除 24 小时前的旧文件 `rm memory/capital_market_report_*.md`(只保留 24h 内的)
- 下一份报告生成时,第一步就是 `ls memory/capital_market_report_*.md` 加载过去 24h 全部已存报告作为 Delta 基线

### 3.1 格式锁
Confidence
98% confidence
Finding
rm memory/

VirusTotal

60/60 vendors flagged this skill as clean.

View on VirusTotal