Trust Assessment
clawback received a trust score of 10/100, placing it in the Untrusted category. This skill has significant security findings that require attention before use in production.
SkillShield's automated analysis identified 110 findings: 20 critical, 65 high, 25 medium, and 0 low severity. Key findings include Persistence / self-modification instructions, Arbitrary command execution, Unsafe deserialization / dynamic eval.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The Manifest Analysis layer scored lowest at 0/100, indicating areas for improvement.
Last analyzed on February 13, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Layer Breakdown
Behavioral Risk Signals
Security Findings110
| Severity | Finding | Layer | Location | |
|---|---|---|---|---|
| CRITICAL | Persistence / self-modification instructions Crontab manipulation (list/remove/edit) Remove any persistence mechanisms. Skills should not modify system startup configurations, crontabs, LaunchAgents, systemd services, or shell profiles. | Manifest | skills/mainfraame/clawback/scripts/setup_cron.sh:58 | |
| CRITICAL | Persistence / self-modification instructions Crontab manipulation (list/remove/edit) Remove any persistence mechanisms. Skills should not modify system startup configurations, crontabs, LaunchAgents, systemd services, or shell profiles. | Manifest | skills/mainfraame/clawback/scripts/setup_cron.sh:61 | |
| CRITICAL | Persistence / self-modification instructions Crontab manipulation (list/remove/edit) Remove any persistence mechanisms. Skills should not modify system startup configurations, crontabs, LaunchAgents, systemd services, or shell profiles. | Manifest | skills/mainfraame/clawback/scripts/setup_cron.sh:66 | |
| CRITICAL | Persistence / self-modification instructions Crontab manipulation (list/remove/edit) Remove any persistence mechanisms. Skills should not modify system startup configurations, crontabs, LaunchAgents, systemd services, or shell profiles. | Manifest | skills/mainfraame/clawback/scripts/setup_cron.sh:74 | |
| CRITICAL | Persistence / self-modification instructions Crontab manipulation (list/remove/edit) Remove any persistence mechanisms. Skills should not modify system startup configurations, crontabs, LaunchAgents, systemd services, or shell profiles. | Manifest | skills/mainfraame/clawback/scripts/setup_cron.sh:75 | |
| CRITICAL | Persistence / self-modification instructions Crontab manipulation (list/remove/edit) Remove any persistence mechanisms. Skills should not modify system startup configurations, crontabs, LaunchAgents, systemd services, or shell profiles. | Manifest | skills/mainfraame/clawback/scripts/setup_cron.sh:76 | |
| CRITICAL | Persistence / self-modification instructions Crontab manipulation (list/remove/edit) Remove any persistence mechanisms. Skills should not modify system startup configurations, crontabs, LaunchAgents, systemd services, or shell profiles. | Manifest | skills/mainfraame/clawback/scripts/setup_cron.sh:77 | |
| CRITICAL | Persistence / self-modification instructions Crontab manipulation (list/remove/edit) Remove any persistence mechanisms. Skills should not modify system startup configurations, crontabs, LaunchAgents, systemd services, or shell profiles. | Manifest | skills/mainfraame/clawback/scripts/setup_cron.sh:83 | |
| CRITICAL | Persistence / self-modification instructions Crontab manipulation (list/remove/edit) Remove any persistence mechanisms. Skills should not modify system startup configurations, crontabs, LaunchAgents, systemd services, or shell profiles. | Manifest | skills/mainfraame/clawback/scripts/setup_cron.sh:86 | |
| CRITICAL | Persistence / self-modification instructions systemd service persistence Remove any persistence mechanisms. Skills should not modify system startup configurations, crontabs, LaunchAgents, systemd services, or shell profiles. | Manifest | skills/mainfraame/clawback/src/clawback/congress_data/setup_cron.py:199 | |
| CRITICAL | Arbitrary command execution Python shell execution (os.system, subprocess) Review all shell execution calls. Ensure commands are static (not built from user input), use absolute paths, and are strictly necessary. Prefer library APIs over shell commands. | Manifest | skills/mainfraame/clawback/src/clawback/congress_data/setup_cron.py:32 | |
| CRITICAL | Arbitrary command execution Python shell execution (os.system, subprocess) Review all shell execution calls. Ensure commands are static (not built from user input), use absolute paths, and are strictly necessary. Prefer library APIs over shell commands. | Manifest | skills/mainfraame/clawback/src/clawback/congress_data/setup_cron.py:57 | |
| CRITICAL | Arbitrary command execution Python shell execution (os.system, subprocess) Review all shell execution calls. Ensure commands are static (not built from user input), use absolute paths, and are strictly necessary. Prefer library APIs over shell commands. | Manifest | skills/mainfraame/clawback/src/clawback/congress_data/setup_cron.py:68 | |
| CRITICAL | Arbitrary command execution Python shell execution (os.system, subprocess) Review all shell execution calls. Ensure commands are static (not built from user input), use absolute paths, and are strictly necessary. Prefer library APIs over shell commands. | Manifest | skills/mainfraame/clawback/src/clawback/congress_data/setup_cron.py:87 | |
| CRITICAL | Arbitrary command execution Python shell execution (os.system, subprocess) Review all shell execution calls. Ensure commands are static (not built from user input), use absolute paths, and are strictly necessary. Prefer library APIs over shell commands. | Manifest | skills/mainfraame/clawback/src/clawback/congress_data/setup_cron.py:109 | |
| CRITICAL | Arbitrary command execution Python shell execution (os.system, subprocess) Review all shell execution calls. Ensure commands are static (not built from user input), use absolute paths, and are strictly necessary. Prefer library APIs over shell commands. | Manifest | skills/mainfraame/clawback/src/clawback/congress_data/setup_cron.py:113 | |
| CRITICAL | Arbitrary command execution Python shell execution (os.system, subprocess) Review all shell execution calls. Ensure commands are static (not built from user input), use absolute paths, and are strictly necessary. Prefer library APIs over shell commands. | Manifest | skills/mainfraame/clawback/src/clawback/congress_data/setup_cron.py:130 | |
| CRITICAL | Arbitrary command execution Python shell execution (os.system, subprocess) Review all shell execution calls. Ensure commands are static (not built from user input), use absolute paths, and are strictly necessary. Prefer library APIs over shell commands. | Manifest | skills/mainfraame/clawback/src/clawback/congress_data/setup_cron.py:148 | |
| CRITICAL | Arbitrary command execution Python shell execution (os.system, subprocess) Review all shell execution calls. Ensure commands are static (not built from user input), use absolute paths, and are strictly necessary. Prefer library APIs over shell commands. | Manifest | skills/mainfraame/clawback/src/clawback/telegram_notifier.py:75 | |
| CRITICAL | Unencrypted Storage of Broker and API Credentials The skill stores sensitive broker API keys (apiKey, apiSecret), OAuth access tokens (access_token, access_secret), and Telegram bot tokens (botToken, chatId) in unencrypted JSON files and an SQLite database. Specifically, `~/.clawback/config.json`, `~/.clawback/.access_tokens.json`, `config/secrets.json`, `config/congress_config.json`, and `data/trading.db` contain these credentials in plain text. The `SKILL.md` claims 'Encrypted token storage for E*TRADE', which directly contradicts the implementation found in `src/clawback/database.py` (e.g., `save_broker_tokens` function) and `src/clawback/etrade_adapter.py`. If an attacker gains file system access to the skill's installation directory or the user's home directory, all stored credentials can be easily compromised, leading to unauthorized access to financial accounts and Telegram messaging. Implement robust encryption for all stored sensitive credentials, both in configuration files and the SQLite database. Use a secure key management system (KMS) or derive encryption keys from a user-provided passphrase. Update `SKILL.md` to accurately reflect the security measures in place. | LLM | src/clawback/database.py:166 | |
| HIGH | Unsafe deserialization / dynamic eval Decryption followed by code execution Remove obfuscated code execution patterns. Legitimate code does not need base64-encoded payloads executed via eval, encrypted-then-executed blobs, or dynamic attribute resolution to call system functions. | Manifest | skills/mainfraame/clawback/setup.py:17 | |
| HIGH | Unsafe deserialization / dynamic eval Decryption followed by code execution Remove obfuscated code execution patterns. Legitimate code does not need base64-encoded payloads executed via eval, encrypted-then-executed blobs, or dynamic attribute resolution to call system functions. | Manifest | skills/mainfraame/clawback/src/clawback/backtester.py:418 | |
| HIGH | Unsafe deserialization / dynamic eval Decryption followed by code execution Remove obfuscated code execution patterns. Legitimate code does not need base64-encoded payloads executed via eval, encrypted-then-executed blobs, or dynamic attribute resolution to call system functions. | Manifest | skills/mainfraame/clawback/src/clawback/congress_data/cron_manager.py:72 | |
| HIGH | Unsafe deserialization / dynamic eval Decryption followed by code execution Remove obfuscated code execution patterns. Legitimate code does not need base64-encoded payloads executed via eval, encrypted-then-executed blobs, or dynamic attribute resolution to call system functions. | Manifest | skills/mainfraame/clawback/src/clawback/congress_data/cron_manager.py:73 | |
| HIGH | Unsafe deserialization / dynamic eval Decryption followed by code execution Remove obfuscated code execution patterns. Legitimate code does not need base64-encoded payloads executed via eval, encrypted-then-executed blobs, or dynamic attribute resolution to call system functions. | Manifest | skills/mainfraame/clawback/src/clawback/congress_data/cron_manager.py:77 | |
| HIGH | Unsafe deserialization / dynamic eval Decryption followed by code execution Remove obfuscated code execution patterns. Legitimate code does not need base64-encoded payloads executed via eval, encrypted-then-executed blobs, or dynamic attribute resolution to call system functions. | Manifest | skills/mainfraame/clawback/src/clawback/congress_data/cron_manager.py:90 | |
| HIGH | Unsafe deserialization / dynamic eval Decryption followed by code execution Remove obfuscated code execution patterns. Legitimate code does not need base64-encoded payloads executed via eval, encrypted-then-executed blobs, or dynamic attribute resolution to call system functions. | Manifest | skills/mainfraame/clawback/src/clawback/congress_tracker.py:639 | |
| HIGH | Unsafe deserialization / dynamic eval Decryption followed by code execution Remove obfuscated code execution patterns. Legitimate code does not need base64-encoded payloads executed via eval, encrypted-then-executed blobs, or dynamic attribute resolution to call system functions. | Manifest | skills/mainfraame/clawback/src/clawback/database.py:2 | |
| HIGH | Unsafe deserialization / dynamic eval Decryption followed by code execution Remove obfuscated code execution patterns. Legitimate code does not need base64-encoded payloads executed via eval, encrypted-then-executed blobs, or dynamic attribute resolution to call system functions. | Manifest | skills/mainfraame/clawback/src/clawback/database.py:50 | |
| HIGH | Unsafe deserialization / dynamic eval Decryption followed by code execution Remove obfuscated code execution patterns. Legitimate code does not need base64-encoded payloads executed via eval, encrypted-then-executed blobs, or dynamic attribute resolution to call system functions. | Manifest | skills/mainfraame/clawback/src/clawback/database.py:110 | |
| HIGH | Unsafe deserialization / dynamic eval Decryption followed by code execution Remove obfuscated code execution patterns. Legitimate code does not need base64-encoded payloads executed via eval, encrypted-then-executed blobs, or dynamic attribute resolution to call system functions. | Manifest | skills/mainfraame/clawback/src/clawback/database.py:118 | |
| HIGH | Unsafe deserialization / dynamic eval Decryption followed by code execution Remove obfuscated code execution patterns. Legitimate code does not need base64-encoded payloads executed via eval, encrypted-then-executed blobs, or dynamic attribute resolution to call system functions. | Manifest | skills/mainfraame/clawback/src/clawback/database.py:197 | |
| HIGH | Unsafe deserialization / dynamic eval Decryption followed by code execution Remove obfuscated code execution patterns. Legitimate code does not need base64-encoded payloads executed via eval, encrypted-then-executed blobs, or dynamic attribute resolution to call system functions. | Manifest | skills/mainfraame/clawback/src/clawback/database.py:217 | |
| HIGH | Unsafe deserialization / dynamic eval Decryption followed by code execution Remove obfuscated code execution patterns. Legitimate code does not need base64-encoded payloads executed via eval, encrypted-then-executed blobs, or dynamic attribute resolution to call system functions. | Manifest | skills/mainfraame/clawback/src/clawback/database.py:233 | |
| HIGH | Unsafe deserialization / dynamic eval Decryption followed by code execution Remove obfuscated code execution patterns. Legitimate code does not need base64-encoded payloads executed via eval, encrypted-then-executed blobs, or dynamic attribute resolution to call system functions. | Manifest | skills/mainfraame/clawback/src/clawback/database.py:256 | |
| HIGH | Unsafe deserialization / dynamic eval Decryption followed by code execution Remove obfuscated code execution patterns. Legitimate code does not need base64-encoded payloads executed via eval, encrypted-then-executed blobs, or dynamic attribute resolution to call system functions. | Manifest | skills/mainfraame/clawback/src/clawback/database.py:262 | |
| HIGH | Unsafe deserialization / dynamic eval Decryption followed by code execution Remove obfuscated code execution patterns. Legitimate code does not need base64-encoded payloads executed via eval, encrypted-then-executed blobs, or dynamic attribute resolution to call system functions. | Manifest | skills/mainfraame/clawback/src/clawback/database.py:276 | |
| HIGH | Unsafe deserialization / dynamic eval Decryption followed by code execution Remove obfuscated code execution patterns. Legitimate code does not need base64-encoded payloads executed via eval, encrypted-then-executed blobs, or dynamic attribute resolution to call system functions. | Manifest | skills/mainfraame/clawback/src/clawback/database.py:277 | |
| HIGH | Unsafe deserialization / dynamic eval Decryption followed by code execution Remove obfuscated code execution patterns. Legitimate code does not need base64-encoded payloads executed via eval, encrypted-then-executed blobs, or dynamic attribute resolution to call system functions. | Manifest | skills/mainfraame/clawback/src/clawback/database.py:283 | |
| HIGH | Unsafe deserialization / dynamic eval Decryption followed by code execution Remove obfuscated code execution patterns. Legitimate code does not need base64-encoded payloads executed via eval, encrypted-then-executed blobs, or dynamic attribute resolution to call system functions. | Manifest | skills/mainfraame/clawback/src/clawback/database.py:288 | |
| HIGH | Unsafe deserialization / dynamic eval Decryption followed by code execution Remove obfuscated code execution patterns. Legitimate code does not need base64-encoded payloads executed via eval, encrypted-then-executed blobs, or dynamic attribute resolution to call system functions. | Manifest | skills/mainfraame/clawback/src/clawback/database.py:293 | |
| HIGH | Unsafe deserialization / dynamic eval Decryption followed by code execution Remove obfuscated code execution patterns. Legitimate code does not need base64-encoded payloads executed via eval, encrypted-then-executed blobs, or dynamic attribute resolution to call system functions. | Manifest | skills/mainfraame/clawback/src/clawback/database.py:481 | |
| HIGH | Unsafe deserialization / dynamic eval Decryption followed by code execution Remove obfuscated code execution patterns. Legitimate code does not need base64-encoded payloads executed via eval, encrypted-then-executed blobs, or dynamic attribute resolution to call system functions. | Manifest | skills/mainfraame/clawback/src/clawback/database.py:482 | |
| HIGH | Unsafe deserialization / dynamic eval Decryption followed by code execution Remove obfuscated code execution patterns. Legitimate code does not need base64-encoded payloads executed via eval, encrypted-then-executed blobs, or dynamic attribute resolution to call system functions. | Manifest | skills/mainfraame/clawback/src/clawback/database.py:488 | |
| HIGH | Unsafe deserialization / dynamic eval Decryption followed by code execution Remove obfuscated code execution patterns. Legitimate code does not need base64-encoded payloads executed via eval, encrypted-then-executed blobs, or dynamic attribute resolution to call system functions. | Manifest | skills/mainfraame/clawback/src/clawback/database.py:492 | |
| HIGH | Unsafe deserialization / dynamic eval Decryption followed by code execution Remove obfuscated code execution patterns. Legitimate code does not need base64-encoded payloads executed via eval, encrypted-then-executed blobs, or dynamic attribute resolution to call system functions. | Manifest | skills/mainfraame/clawback/src/clawback/integration.py:321 | |
| HIGH | Unsafe deserialization / dynamic eval Decryption followed by code execution Remove obfuscated code execution patterns. Legitimate code does not need base64-encoded payloads executed via eval, encrypted-then-executed blobs, or dynamic attribute resolution to call system functions. | Manifest | skills/mainfraame/clawback/src/clawback/integration.py:337 | |
| HIGH | Unsafe deserialization / dynamic eval Decryption followed by code execution Remove obfuscated code execution patterns. Legitimate code does not need base64-encoded payloads executed via eval, encrypted-then-executed blobs, or dynamic attribute resolution to call system functions. | Manifest | skills/mainfraame/clawback/src/clawback/integration.py:346 | |
| HIGH | Unsafe deserialization / dynamic eval Decryption followed by code execution Remove obfuscated code execution patterns. Legitimate code does not need base64-encoded payloads executed via eval, encrypted-then-executed blobs, or dynamic attribute resolution to call system functions. | Manifest | skills/mainfraame/clawback/src/clawback/integration.py:352 | |
| HIGH | Unsafe deserialization / dynamic eval Decryption followed by code execution Remove obfuscated code execution patterns. Legitimate code does not need base64-encoded payloads executed via eval, encrypted-then-executed blobs, or dynamic attribute resolution to call system functions. | Manifest | skills/mainfraame/clawback/src/clawback/integration.py:364 | |
| HIGH | Unsafe deserialization / dynamic eval Decryption followed by code execution Remove obfuscated code execution patterns. Legitimate code does not need base64-encoded payloads executed via eval, encrypted-then-executed blobs, or dynamic attribute resolution to call system functions. | Manifest | skills/mainfraame/clawback/src/clawback/integration.py:370 | |
| HIGH | Unsafe deserialization / dynamic eval Decryption followed by code execution Remove obfuscated code execution patterns. Legitimate code does not need base64-encoded payloads executed via eval, encrypted-then-executed blobs, or dynamic attribute resolution to call system functions. | Manifest | skills/mainfraame/clawback/src/clawback/integration.py:377 | |
| HIGH | Unsafe deserialization / dynamic eval Decryption followed by code execution Remove obfuscated code execution patterns. Legitimate code does not need base64-encoded payloads executed via eval, encrypted-then-executed blobs, or dynamic attribute resolution to call system functions. | Manifest | skills/mainfraame/clawback/src/clawback/integration.py:390 | |
| HIGH | Unsafe deserialization / dynamic eval Decryption followed by code execution Remove obfuscated code execution patterns. Legitimate code does not need base64-encoded payloads executed via eval, encrypted-then-executed blobs, or dynamic attribute resolution to call system functions. | Manifest | skills/mainfraame/clawback/src/clawback/integration.py:402 | |
| HIGH | Unsafe deserialization / dynamic eval Decryption followed by code execution Remove obfuscated code execution patterns. Legitimate code does not need base64-encoded payloads executed via eval, encrypted-then-executed blobs, or dynamic attribute resolution to call system functions. | Manifest | skills/mainfraame/clawback/src/clawback/main.py:3 | |
| HIGH | Unsafe deserialization / dynamic eval Decryption followed by code execution Remove obfuscated code execution patterns. Legitimate code does not need base64-encoded payloads executed via eval, encrypted-then-executed blobs, or dynamic attribute resolution to call system functions. | Manifest | skills/mainfraame/clawback/src/clawback/main.py:281 | |
| HIGH | Unsafe deserialization / dynamic eval Decryption followed by code execution Remove obfuscated code execution patterns. Legitimate code does not need base64-encoded payloads executed via eval, encrypted-then-executed blobs, or dynamic attribute resolution to call system functions. | Manifest | skills/mainfraame/clawback/src/clawback/main.py:285 | |
| HIGH | Unsafe deserialization / dynamic eval Decryption followed by code execution Remove obfuscated code execution patterns. Legitimate code does not need base64-encoded payloads executed via eval, encrypted-then-executed blobs, or dynamic attribute resolution to call system functions. | Manifest | skills/mainfraame/clawback/src/clawback/main.py:302 | |
| HIGH | Unsafe deserialization / dynamic eval Decryption followed by code execution Remove obfuscated code execution patterns. Legitimate code does not need base64-encoded payloads executed via eval, encrypted-then-executed blobs, or dynamic attribute resolution to call system functions. | Manifest | skills/mainfraame/clawback/src/clawback/main.py:309 | |
| HIGH | Unsafe deserialization / dynamic eval Decryption followed by code execution Remove obfuscated code execution patterns. Legitimate code does not need base64-encoded payloads executed via eval, encrypted-then-executed blobs, or dynamic attribute resolution to call system functions. | Manifest | skills/mainfraame/clawback/src/clawback/main.py:312 | |
| HIGH | Unsafe deserialization / dynamic eval Decryption followed by code execution Remove obfuscated code execution patterns. Legitimate code does not need base64-encoded payloads executed via eval, encrypted-then-executed blobs, or dynamic attribute resolution to call system functions. | Manifest | skills/mainfraame/clawback/src/clawback/main.py:317 | |
| HIGH | Unsafe deserialization / dynamic eval Decryption followed by code execution Remove obfuscated code execution patterns. Legitimate code does not need base64-encoded payloads executed via eval, encrypted-then-executed blobs, or dynamic attribute resolution to call system functions. | Manifest | skills/mainfraame/clawback/src/clawback/main.py:321 | |
| HIGH | Unsafe deserialization / dynamic eval Decryption followed by code execution Remove obfuscated code execution patterns. Legitimate code does not need base64-encoded payloads executed via eval, encrypted-then-executed blobs, or dynamic attribute resolution to call system functions. | Manifest | skills/mainfraame/clawback/src/clawback/main.py:336 | |
| HIGH | Unsafe deserialization / dynamic eval Decryption followed by code execution Remove obfuscated code execution patterns. Legitimate code does not need base64-encoded payloads executed via eval, encrypted-then-executed blobs, or dynamic attribute resolution to call system functions. | Manifest | skills/mainfraame/clawback/src/clawback/main.py:384 | |
| HIGH | Unsafe deserialization / dynamic eval Decryption followed by code execution Remove obfuscated code execution patterns. Legitimate code does not need base64-encoded payloads executed via eval, encrypted-then-executed blobs, or dynamic attribute resolution to call system functions. | Manifest | skills/mainfraame/clawback/src/clawback/main.py:544 | |
| HIGH | Unsafe deserialization / dynamic eval Decryption followed by code execution Remove obfuscated code execution patterns. Legitimate code does not need base64-encoded payloads executed via eval, encrypted-then-executed blobs, or dynamic attribute resolution to call system functions. | Manifest | skills/mainfraame/clawback/src/clawback/main.py:612 | |
| HIGH | Unsafe deserialization / dynamic eval Decryption followed by code execution Remove obfuscated code execution patterns. Legitimate code does not need base64-encoded payloads executed via eval, encrypted-then-executed blobs, or dynamic attribute resolution to call system functions. | Manifest | skills/mainfraame/clawback/src/clawback/notifications.py:139 | |
| HIGH | Unsafe deserialization / dynamic eval Decryption followed by code execution Remove obfuscated code execution patterns. Legitimate code does not need base64-encoded payloads executed via eval, encrypted-then-executed blobs, or dynamic attribute resolution to call system functions. | Manifest | skills/mainfraame/clawback/src/clawback/telegram_notifier.py:225 | |
| HIGH | Unsafe deserialization / dynamic eval Decryption followed by code execution Remove obfuscated code execution patterns. Legitimate code does not need base64-encoded payloads executed via eval, encrypted-then-executed blobs, or dynamic attribute resolution to call system functions. | Manifest | skills/mainfraame/clawback/src/clawback/trade_engine.py:3 | |
| HIGH | Unsafe deserialization / dynamic eval Decryption followed by code execution Remove obfuscated code execution patterns. Legitimate code does not need base64-encoded payloads executed via eval, encrypted-then-executed blobs, or dynamic attribute resolution to call system functions. | Manifest | skills/mainfraame/clawback/src/clawback/trade_engine.py:394 | |
| HIGH | Unsafe deserialization / dynamic eval Decryption followed by code execution Remove obfuscated code execution patterns. Legitimate code does not need base64-encoded payloads executed via eval, encrypted-then-executed blobs, or dynamic attribute resolution to call system functions. | Manifest | skills/mainfraame/clawback/src/clawback/trade_engine.py:413 | |
| HIGH | Dangerous call: subprocess.run() Call to 'subprocess.run()' detected in function 'setup_cron_job'. This can execute arbitrary code. Avoid using dangerous functions like exec/eval/os.system. Use safer alternatives. | Static | skills/mainfraame/clawback/src/clawback/congress_data/setup_cron.py:32 | |
| HIGH | Dangerous call: subprocess.Popen() Call to 'subprocess.Popen()' detected in function 'setup_cron_job'. This can execute arbitrary code. Avoid using dangerous functions like exec/eval/os.system. Use safer alternatives. | Static | skills/mainfraame/clawback/src/clawback/congress_data/setup_cron.py:57 | |
| HIGH | Dangerous call: subprocess.run() Call to 'subprocess.run()' detected in function 'remove_cron_job'. This can execute arbitrary code. Avoid using dangerous functions like exec/eval/os.system. Use safer alternatives. | Static | skills/mainfraame/clawback/src/clawback/congress_data/setup_cron.py:87 | |
| HIGH | Dangerous call: subprocess.run() Call to 'subprocess.run()' detected in function 'show_cron_status'. This can execute arbitrary code. Avoid using dangerous functions like exec/eval/os.system. Use safer alternatives. | Static | skills/mainfraame/clawback/src/clawback/congress_data/setup_cron.py:130 | |
| HIGH | Dangerous call: subprocess.run() Call to 'subprocess.run()' detected in function 'show_cron_status'. This can execute arbitrary code. Avoid using dangerous functions like exec/eval/os.system. Use safer alternatives. | Static | skills/mainfraame/clawback/src/clawback/congress_data/setup_cron.py:148 | |
| HIGH | Dangerous call: subprocess.run() Call to 'subprocess.run()' detected in function 'setup_cron_job'. This can execute arbitrary code. Avoid using dangerous functions like exec/eval/os.system. Use safer alternatives. | Static | skills/mainfraame/clawback/src/clawback/congress_data/setup_cron.py:68 | |
| HIGH | Dangerous call: subprocess.Popen() Call to 'subprocess.Popen()' detected in function 'remove_cron_job'. This can execute arbitrary code. Avoid using dangerous functions like exec/eval/os.system. Use safer alternatives. | Static | skills/mainfraame/clawback/src/clawback/congress_data/setup_cron.py:109 | |
| HIGH | Dangerous call: subprocess.run() Call to 'subprocess.run()' detected in function 'remove_cron_job'. This can execute arbitrary code. Avoid using dangerous functions like exec/eval/os.system. Use safer alternatives. | Static | skills/mainfraame/clawback/src/clawback/congress_data/setup_cron.py:113 | |
| HIGH | Dangerous call: subprocess.run() Call to 'subprocess.run()' detected in function '_send_via_openclaw'. This can execute arbitrary code. Avoid using dangerous functions like exec/eval/os.system. Use safer alternatives. | Static | skills/mainfraame/clawback/src/clawback/telegram_notifier.py:75 | |
| HIGH | Persistence mechanism: Crontab modification Detected Crontab modification pattern. Persistence mechanisms allow malware to survive system restarts. Review this persistence pattern. Skills should not modify system startup configuration. | Static | skills/mainfraame/clawback/scripts/setup_cron.sh:66 | |
| HIGH | Persistence mechanism: Crontab modification Detected Crontab modification pattern. Persistence mechanisms allow malware to survive system restarts. Review this persistence pattern. Skills should not modify system startup configuration. | Static | skills/mainfraame/clawback/scripts/setup_cron.sh:74 | |
| HIGH | Persistence mechanism: Crontab modification Detected Crontab modification pattern. Persistence mechanisms allow malware to survive system restarts. Review this persistence pattern. Skills should not modify system startup configuration. | Static | skills/mainfraame/clawback/scripts/setup_cron.sh:77 | |
| HIGH | Excessive Permissions and Persistent Execution via Sudo/Cron/Systemd The `setup.sh` script requires `sudo` to create a symlink in `/usr/local/bin` (`sudo ln -sf "$(pwd)/bin/clawback.py" /usr/local/bin/clawback`). This is a privilege escalation that grants the skill system-wide execution capabilities. Furthermore, `src/clawback/congress_data/setup_cron.py` modifies the user's crontab and can create systemd service files (`User={os.getenv('USER', 'root')}`), enabling persistent execution of the skill's components. If the skill is compromised, these persistent execution mechanisms could be leveraged for long-term malicious activity, and the `sudo` requirement during setup could be exploited if the installation process is not carefully managed. Avoid requiring `sudo` for skill installation. If system-wide CLI access is necessary, provide clear instructions for manual setup or use a package manager. For persistent execution, ensure that cron jobs and systemd services are installed with the least privilege necessary and do not default to `root`. | LLM | setup.sh:50 | |
| HIGH | Browser Automation (Selenium) with Elevated Risk The `src/clawback/congress_tracker.py` file utilizes `selenium` and `webdriver-manager` to launch a browser (e.g., Chrome) for web scraping (specifically in `fetch_senate_data_selenium`). While intended for legitimate data collection, the ability to programmatically control a web browser presents a significant security risk in an AI agent context. A compromised skill could use this capability to launch arbitrary browser instances, interact with other web services the user is logged into, perform phishing attacks, or consume excessive system resources, potentially bypassing agent sandboxing mechanisms. If browser automation is strictly necessary, ensure it runs in a highly isolated and sandboxed environment. Consider headless modes and strict network policies. Evaluate if alternative, less privileged methods (e.g., direct API calls, static HTML parsing) can achieve the same data collection goals. | LLM | src/clawback/congress_tracker.py:30 | |
| MEDIUM | Unsafe deserialization / dynamic eval Decryption followed by code execution Remove obfuscated code execution patterns. Legitimate code does not need base64-encoded payloads executed via eval, encrypted-then-executed blobs, or dynamic attribute resolution to call system functions. | Manifest | skills/mainfraame/clawback/src/clawback/congress_tracker.py:124 | |
| MEDIUM | Unsafe deserialization / dynamic eval Decryption followed by code execution Remove obfuscated code execution patterns. Legitimate code does not need base64-encoded payloads executed via eval, encrypted-then-executed blobs, or dynamic attribute resolution to call system functions. | Manifest | skills/mainfraame/clawback/src/clawback/congress_tracker.py:624 | |
| MEDIUM | Unsafe deserialization / dynamic eval Decryption followed by code execution Remove obfuscated code execution patterns. Legitimate code does not need base64-encoded payloads executed via eval, encrypted-then-executed blobs, or dynamic attribute resolution to call system functions. | Manifest | skills/mainfraame/clawback/src/clawback/integration.py:101 | |
| MEDIUM | Unsafe deserialization / dynamic eval Decryption followed by code execution Remove obfuscated code execution patterns. Legitimate code does not need base64-encoded payloads executed via eval, encrypted-then-executed blobs, or dynamic attribute resolution to call system functions. | Manifest | skills/mainfraame/clawback/src/clawback/telegram_notifier.py:4 | |
| MEDIUM | Suspicious import: requests Import of 'requests' detected. This module provides network or low-level system access. Verify this import is necessary. Network and system modules in skill code may indicate data exfiltration. | Static | skills/mainfraame/clawback/src/clawback/backtester.py:11 | |
| MEDIUM | Suspicious import: requests Import of 'requests' detected. This module provides network or low-level system access. Verify this import is necessary. Network and system modules in skill code may indicate data exfiltration. | Static | skills/mainfraame/clawback/src/clawback/congress_data/alert_manager.py:12 | |
| MEDIUM | Suspicious import: requests Import of 'requests' detected. This module provides network or low-level system access. Verify this import is necessary. Network and system modules in skill code may indicate data exfiltration. | Static | skills/mainfraame/clawback/src/clawback/congress_data/data_collector.py:10 | |
| MEDIUM | Suspicious import: requests Import of 'requests' detected. This module provides network or low-level system access. Verify this import is necessary. Network and system modules in skill code may indicate data exfiltration. | Static | skills/mainfraame/clawback/src/clawback/congress_tracker.py:17 | |
| MEDIUM | Suspicious import: requests Import of 'requests' detected. This module provides network or low-level system access. Verify this import is necessary. Network and system modules in skill code may indicate data exfiltration. | Static | skills/mainfraame/clawback/src/clawback/etrade_adapter.py:10 | |
| MEDIUM | Suspicious import: requests Import of 'requests' detected. This module provides network or low-level system access. Verify this import is necessary. Network and system modules in skill code may indicate data exfiltration. | Static | skills/mainfraame/clawback/src/clawback/notifications.py:7 | |
| MEDIUM | Suspicious import: requests Import of 'requests' detected. This module provides network or low-level system access. Verify this import is necessary. Network and system modules in skill code may indicate data exfiltration. | Static | skills/mainfraame/clawback/src/clawback/telegram_notifier.py:14 | |
| MEDIUM | Unpinned Python dependency version Dependency 'requests>=2.28.0' is not pinned to an exact version. Pin Python dependencies with exact versions where feasible. | Dependencies | skills/mainfraame/clawback/pyproject.toml | |
| MEDIUM | Unpinned Python dependency version Requirement 'requests>=2.28.0' is not pinned to an exact version. Pin Python dependencies with '==<exact version>'. | Dependencies | skills/mainfraame/clawback/requirements.txt:5 | |
| MEDIUM | Unpinned Python dependency version Requirement 'requests-oauthlib>=1.3.0' is not pinned to an exact version. Pin Python dependencies with '==<exact version>'. | Dependencies | skills/mainfraame/clawback/requirements.txt:6 | |
| MEDIUM | Unpinned Python dependency version Requirement 'pdfplumber>=0.9.0' is not pinned to an exact version. Pin Python dependencies with '==<exact version>'. | Dependencies | skills/mainfraame/clawback/requirements.txt:9 | |
| MEDIUM | Unpinned Python dependency version Requirement 'beautifulsoup4>=4.11.0' is not pinned to an exact version. Pin Python dependencies with '==<exact version>'. | Dependencies | skills/mainfraame/clawback/requirements.txt:12 | |
| MEDIUM | Unpinned Python dependency version Requirement 'selenium>=4.10.0' is not pinned to an exact version. Pin Python dependencies with '==<exact version>'. | Dependencies | skills/mainfraame/clawback/requirements.txt:13 | |
| MEDIUM | Unpinned Python dependency version Requirement 'webdriver-manager>=4.0.0' is not pinned to an exact version. Pin Python dependencies with '==<exact version>'. | Dependencies | skills/mainfraame/clawback/requirements.txt:14 | |
| MEDIUM | Unpinned Python dependency version Requirement 'pandas>=1.5.0' is not pinned to an exact version. Pin Python dependencies with '==<exact version>'. | Dependencies | skills/mainfraame/clawback/requirements.txt:17 | |
| MEDIUM | Unpinned Python dependency version Requirement 'yfinance>=0.2.0' is not pinned to an exact version. Pin Python dependencies with '==<exact version>'. | Dependencies | skills/mainfraame/clawback/requirements.txt:18 | |
| MEDIUM | Unpinned Python dependency version Requirement 'schedule>=1.2.0' is not pinned to an exact version. Pin Python dependencies with '==<exact version>'. | Dependencies | skills/mainfraame/clawback/requirements.txt:21 | |
| MEDIUM | Unpinned Python dependency version Requirement 'lxml>=4.9.0' is not pinned to an exact version. Pin Python dependencies with '==<exact version>'. | Dependencies | skills/mainfraame/clawback/requirements.txt:24 | |
| MEDIUM | Unpinned Python dependency version Requirement 'pytest>=7.0.0' is not pinned to an exact version. Pin Python dependencies with '==<exact version>'. | Dependencies | skills/mainfraame/clawback/requirements.txt:27 | |
| MEDIUM | Unpinned Python dependency version Requirement 'pytest-cov>=4.0.0' is not pinned to an exact version. Pin Python dependencies with '==<exact version>'. | Dependencies | skills/mainfraame/clawback/requirements.txt:28 | |
| MEDIUM | Unpinned/Loosely Pinned Dependencies and Third-Party Data Source The `pyproject.toml` and `requirements.txt` files use unpinned or loosely pinned dependencies (e.g., `requests>=2.28.0`, `selenium>=4.10.0`). This allows for automatic updates to newer versions, which could introduce breaking changes or vulnerabilities without explicit review. For a financial application, tighter pinning (`==` or `~=`) is recommended to ensure stability and security. Additionally, `src/clawback/congress_data/data_collector.py` fetches congressional trade data from a community-maintained GitHub repository (`https://raw.githubusercontent.com/timothycarambat/senate-stock-watcher-data/main/data/all_transactions.json`). This introduces a third-party data supply chain risk; if this external data source is compromised, malicious or incorrect trade data could be injected, leading to erroneous or harmful trading decisions. Pin all dependencies to exact versions (`==`) or use compatible release operators (`~=`) to prevent unexpected updates. For the third-party data source, implement data validation, checksum verification, or consider mirroring the data to a trusted, controlled environment. Clearly document the risks associated with external data dependencies. | LLM | pyproject.toml:29 |
Scan History
Embed Code
[](https://skillshield.io/report/3479017891421022)
Powered by SkillShield