Buffett Analysis

Pass
Audited by VirusTotal on May 11, 2026.

Overview

Type: OpenClaw Skill
Name: buffett-analysis
Version: 0.1.0

This skill bundle is classified as suspicious because of two critical issues. First, the `scripts/fetch_company_data.py` script calls `subprocess.run(..., shell=True)` on a command string into which unsanitized user input (`keyword`) is interpolated, a shell injection that yields code execution in the agent's environment. Second, `SKILL.md` explicitly instructs the AI agent to run `git commit` and `git push` to GitHub (implied target: finstep-ai.github.io/alpha-factor-lab) after generating reports. A prompt injection carried in malicious user input could therefore make the agent commit unauthorized code changes, exfiltrate data through the repository, or deface it.

Findings (0)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

A malicious or accidental company-name input could cause the agent’s environment to run commands beyond fetching financial data.

Why it was flagged

The script accepts the company keyword from user input and interpolates it into an unquoted shell command. A crafted company name containing shell metacharacters could execute unintended local commands.

Skill content
```python
args = " ".join(f"{k}={v}" for k, v in kwargs.items())
cmd = f"mcporter call {tool} {args}"
r = subprocess.run(cmd, shell=True, capture_output=True, text=True, env=ENV, timeout=60)
```

Recommendation

Replace shell=True string execution with an argument list, quote or validate all user-controlled values, and restrict company identifiers to expected ticker/name formats before invoking mcporter.
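The following is an added example, not code from the skill, showing the quoted pattern next to a hardened builder and what each does with a hostile company name. The keyword alphabet in `KEYWORD_RE`, the tool name `stock.search`, and the use of `echo` in place of `mcporter` for the runnable demo are all assumptions made for this example; the real mcporter argument format is not shown on the page.

```python
import re
import shlex
import subprocess

# Allowed company keywords (an assumption for this example, not the skill's rule):
# tickers such as AAPL, BRK.B or 600519.SH, and plain names including CJK text.
# Shell metacharacters (; | & $ ` ( ) quotes, newlines) are outside the alphabet.
KEYWORD_RE = re.compile(r"[\w .&-]{1,64}")


def is_valid_keyword(keyword: str) -> bool:
    return KEYWORD_RE.fullmatch(keyword) is not None


def validate_keyword(keyword: str) -> str:
    """Return the keyword unchanged, or raise if it is not a plain ticker/name."""
    if not is_valid_keyword(keyword):
        raise ValueError(f"rejected company keyword: {keyword!r}")
    return keyword


def build_cmd_vulnerable(tool: str, **kwargs) -> str:
    """The skill's pattern: kwargs are interpolated into a single shell string."""
    args = " ".join(f"{k}={v}" for k, v in kwargs.items())
    return f"mcporter call {tool} {args}"


def build_argv_safe(tool: str, keyword: str, **kwargs) -> list:
    """Hardened form: validated keyword, one argv element per token, no shell."""
    validate_keyword(keyword)
    argv = ["mcporter", "call", tool, f"keyword={keyword}"]
    argv += [f"{k}={v}" for k, v in kwargs.items()]
    return argv  # hand this to subprocess.run(argv, shell=False, ...)


def quote_for_shell(argv: list) -> str:
    """If a shell string is truly unavoidable, quote every token individually."""
    return " ".join(shlex.quote(tok) for tok in argv)


def run_vulnerable_demo(keyword: str) -> str:
    """Run the vulnerable string with `echo` standing in for mcporter (demo only).

    With shell=True the shell parses the interpolated keyword, so a `;` inside
    it terminates the echo command and starts a second, attacker-chosen one.
    """
    cmd = build_cmd_vulnerable("stock.search", keyword=keyword)
    cmd = cmd.replace("mcporter call", "echo", 1)
    return subprocess.run(cmd, shell=True, capture_output=True, text=True).stdout


def run_argv_demo(keyword: str) -> str:
    """Same keyword passed as one argv element: it is never parsed as shell."""
    argv = ["echo", "stock.search", f"keyword={keyword}"]
    return subprocess.run(argv, capture_output=True, text=True).stdout


if __name__ == "__main__":
    hostile = "AAPL; echo INJECTED"       # constructed malicious company name
    print(run_vulnerable_demo(hostile))   # two lines: the shell ran "echo INJECTED"
    print(run_argv_demo(hostile))         # one line, keyword printed literally
    print(build_argv_safe("stock.search", "BRK.B", limit=5))
    try:
        build_argv_safe("stock.search", hostile)
    except ValueError as e:
        print("blocked:", e)
```

The argv form is the primary fix: the kernel receives the keyword as a single argument and no shell ever tokenizes it. The allow-list is defence in depth for the case where mcporter itself, or something it calls, re-parses its arguments; `shlex.quote` is only for the fallback where a shell string cannot be avoided.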

What this means

Installing the skill may cause routine analysis requests to change a local application data file and publish or display generated investment ratings in that frontend.

Why it was flagged

The skill instructs the agent to always mutate a local frontend data file after analysis, without requiring explicit user confirmation or describing rollback/backup behavior.

Skill content
After each fundamental analysis is completed, you **must** write the report data to the frontend display:

1. Read `alpha-factor-lab/fundamental-reports.json`
2. Append one report entry using the following JSON structure

Recommendation

Make the frontend write optional and user-confirmed, validate the target path, preserve a backup, and document how users can disable or revert the write.
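One way to implement that recommendation, as an added example rather than the skill's own code: the write is skipped unless the user confirmed it, the target path is resolved and required to stay under the frontend directory, the previous file is copied to a `.bak` before it is replaced atomically, and a revert helper restores the backup. The report schema is not shown on the page, so the example treats each report as an opaque dict and assumes the file holds a JSON array; the sample records are constructed.

```python
import json
import os
import shutil
import tempfile
from pathlib import Path
from typing import Optional


def _safe_target(base_dir: Path, rel_path: str) -> Path:
    """Resolve rel_path under base_dir and refuse anything that escapes it."""
    base = base_dir.resolve()
    target = (base / rel_path).resolve()
    if base not in target.parents:
        raise ValueError(f"refusing to write outside {base}: {target}")
    return target


def append_report(base_dir: Path, rel_path: str, report: dict,
                  confirmed: bool) -> Optional[Path]:
    """Append `report` to the JSON array at base_dir/rel_path.

    Does nothing unless the user confirmed the write. Keeps a .bak copy of the
    previous file and replaces the target atomically. Returns the backup path,
    or None when nothing was written or no previous file existed to back up.
    """
    if not confirmed:
        return None
    target = _safe_target(base_dir, rel_path)
    backup = None
    if target.exists():
        reports = json.loads(target.read_text(encoding="utf-8"))
        if not isinstance(reports, list):
            raise ValueError(f"{target} does not contain a JSON array")
        backup = target.with_name(target.name + ".bak")
        shutil.copy2(target, backup)
    else:
        target.parent.mkdir(parents=True, exist_ok=True)
        reports = []
    reports.append(report)
    # Write to a temp file in the same directory, then rename over the target:
    # on POSIX the rename is atomic, so the frontend never reads a partial file.
    fd, tmp = tempfile.mkstemp(dir=target.parent, prefix=".fundamental-reports-")
    with os.fdopen(fd, "w", encoding="utf-8") as f:
        json.dump(reports, f, ensure_ascii=False, indent=2)
    os.replace(tmp, target)
    return backup


def revert_report_write(base_dir: Path, rel_path: str) -> bool:
    """Restore the .bak copy over the data file; False if no backup exists."""
    target = _safe_target(base_dir, rel_path)
    backup = target.with_name(target.name + ".bak")
    if not backup.exists():
        return False
    os.replace(backup, target)
    return True


def load_reports(base_dir: Path, rel_path: str) -> list:
    return json.loads(_safe_target(base_dir, rel_path).read_text(encoding="utf-8"))


def demo_round_trip() -> dict:
    """Exercise the flow in a temporary directory with constructed records."""
    rel = "alpha-factor-lab/fundamental-reports.json"
    first = {"ticker": "AAPL", "rating": "hold"}
    second = {"ticker": "BRK.B", "rating": "buy"}
    out = {}
    with tempfile.TemporaryDirectory() as d:
        base = Path(d)
        append_report(base, rel, first, confirmed=False)
        out["skipped_without_confirmation"] = not (base / rel).exists()
        out["first_backup"] = append_report(base, rel, first, confirmed=True)
        out["after_first"] = load_reports(base, rel)
        backup = append_report(base, rel, second, confirmed=True)
        out["backup_exists"] = backup is not None and backup.exists()
        out["after_second"] = load_reports(base, rel)
        out["reverted"] = revert_report_write(base, rel)
        out["after_revert"] = load_reports(base, rel)
        try:
            append_report(base, "../evil.json", first, confirmed=True)
            out["traversal_blocked"] = False
        except ValueError:
            out["traversal_blocked"] = True
    return out


if __name__ == "__main__":
    print(json.dumps(demo_round_trip(), indent=2, default=str))
```

The containment check matters because the skill text names the file by a relative path: `_safe_target` resolves symlinks and `..` components before comparing, so a path like `../evil.json` or an absolute path is rejected rather than silently written.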

What this means

The skill’s behavior for US equities depends on external local code that users may not realize is required or reviewed.

Why it was flagged

The US-stock path invokes a sibling us-market script that is not part of this skill’s manifest, while the registry metadata does not declare such a dependency.

Skill content
```python
US_MARKET_SCRIPT = os.path.join(SCRIPT_DIR, '..', '..', 'us-market', 'scripts', 'us_market_query.py')
```

Recommendation

Declare external skill/tool dependencies in metadata or install documentation, and ensure users install them from a trusted source.
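As an added example (not the skill's or registry's own code), one way to make the sibling-script dependency explicit and checkable: the manifest lists the script's path relative to `scripts/` together with a SHA-256 pinned at review time, and the skill refuses to invoke it if it is undeclared, missing, or no longer matches the pin. The manifest shape is hypothetical; the page does not show the real metadata format. The demo lays out the two skills in a temporary directory with constructed file contents.

```python
import hashlib
import tempfile
from pathlib import Path

# Hypothetical manifest shape (an assumption; the real metadata format is not
# shown): each external script is listed with its path relative to the skill's
# scripts/ directory and the SHA-256 of the file as reviewed.
EXAMPLE_MANIFEST = {
    "dependencies": [
        {"path": "../../us-market/scripts/us_market_query.py",
         "sha256": "<filled in after reviewing the file>"}
    ]
}


def sha256_file(path: Path) -> str:
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def resolve_dependency(script_dir: Path, manifest: dict, rel_path: str) -> Path:
    """Return the dependency's path only if it is declared and unmodified.

    Raises RuntimeError for undeclared or tampered files and FileNotFoundError
    when a declared dependency is not installed.
    """
    pinned = {d["path"]: d["sha256"] for d in manifest.get("dependencies", [])}
    if rel_path not in pinned:
        raise RuntimeError(f"undeclared external dependency: {rel_path}")
    target = (script_dir / rel_path).resolve()
    if not target.is_file():
        raise FileNotFoundError(f"declared dependency not installed: {target}")
    actual = sha256_file(target)
    if actual != pinned[rel_path]:
        raise RuntimeError(f"{target}: sha256 {actual} != pinned {pinned[rel_path]}")
    return target


def demo() -> dict:
    """Lay out a sibling skill in a temp dir and exercise the check (constructed)."""
    rel = "../../us-market/scripts/us_market_query.py"
    out = {}
    with tempfile.TemporaryDirectory() as d:
        root = Path(d)
        script_dir = root / "buffett-analysis" / "scripts"
        script_dir.mkdir(parents=True)
        dep = root / "us-market" / "scripts" / "us_market_query.py"
        dep.parent.mkdir(parents=True)
        dep.write_text("print('us market query')\n")          # reviewed content
        manifest = {"dependencies": [{"path": rel, "sha256": sha256_file(dep)}]}
        out["resolved"] = resolve_dependency(script_dir, manifest, rel) == dep.resolve()
        try:
            resolve_dependency(script_dir, {"dependencies": []}, rel)
            out["undeclared_blocked"] = False
        except RuntimeError:
            out["undeclared_blocked"] = True
        dep.write_text("print('tampered after review')\n")    # modified on disk
        try:
            resolve_dependency(script_dir, manifest, rel)
            out["tamper_blocked"] = False
        except RuntimeError:
            out["tamper_blocked"] = True
    return out


if __name__ == "__main__":
    print(demo())
```

Pinning the hash turns an invisible runtime coupling into something a reviewer can audit: a user who updates the us-market skill sees the mismatch immediately instead of silently running code that nobody re-reviewed.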