Trust Assessment
finance-news received a trust score of 10/100, placing it in the Untrusted category. This skill has significant security findings that require attention before use in production.
SkillShield's automated analysis identified 42 findings: 14 critical, 20 high, 7 medium, and 1 low severity. Key findings include Unsafe environment variable passthrough, Arbitrary command execution, Credential harvesting.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The Manifest Analysis layer scored lowest at 0/100, indicating areas for improvement.
Last analyzed on February 14, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Layer Breakdown
Behavioral Risk Signals
Security Findings42
| Severity | Finding | Layer | Location | |
|---|---|---|---|---|
| CRITICAL | Arbitrary command execution Python shell execution (os.system, subprocess) Review all shell execution calls. Ensure commands are static (not built from user input), use absolute paths, and are strictly necessary. Prefer library APIs over shell commands. | Manifest | skills/kesslerio/finance-news/scripts/briefing.py:31 | |
| CRITICAL | Arbitrary command execution Python shell execution (os.system, subprocess) Review all shell execution calls. Ensure commands are static (not built from user input), use absolute paths, and are strictly necessary. Prefer library APIs over shell commands. | Manifest | skills/kesslerio/finance-news/scripts/briefing.py:95 | |
| CRITICAL | Arbitrary command execution Python shell execution (os.system, subprocess) Review all shell execution calls. Ensure commands are static (not built from user input), use absolute paths, and are strictly necessary. Prefer library APIs over shell commands. | Manifest | skills/kesslerio/finance-news/scripts/earnings.py:529 | |
| CRITICAL | Arbitrary command execution Python shell execution (os.system, subprocess) Review all shell execution calls. Ensure commands are static (not built from user input), use absolute paths, and are strictly necessary. Prefer library APIs over shell commands. | Manifest | skills/kesslerio/finance-news/scripts/earnings.py:562 | |
| CRITICAL | Arbitrary command execution Python shell execution (os.system, subprocess) Review all shell execution calls. Ensure commands are static (not built from user input), use absolute paths, and are strictly necessary. Prefer library APIs over shell commands. | Manifest | skills/kesslerio/finance-news/scripts/fetch_news.py:292 | |
| CRITICAL | Arbitrary command execution Python shell execution (os.system, subprocess) Review all shell execution calls. Ensure commands are static (not built from user input), use absolute paths, and are strictly necessary. Prefer library APIs over shell commands. | Manifest | skills/kesslerio/finance-news/scripts/fetch_news.py:757 | |
| CRITICAL | Arbitrary command execution Python shell execution (os.system, subprocess) Review all shell execution calls. Ensure commands are static (not built from user input), use absolute paths, and are strictly necessary. Prefer library APIs over shell commands. | Manifest | skills/kesslerio/finance-news/scripts/fetch_news.py:911 | |
| CRITICAL | Arbitrary command execution Python shell execution (os.system, subprocess) Review all shell execution calls. Ensure commands are static (not built from user input), use absolute paths, and are strictly necessary. Prefer library APIs over shell commands. | Manifest | skills/kesslerio/finance-news/scripts/research.py:138 | |
| CRITICAL | Arbitrary command execution Python shell execution (os.system, subprocess) Review all shell execution calls. Ensure commands are static (not built from user input), use absolute paths, and are strictly necessary. Prefer library APIs over shell commands. | Manifest | skills/kesslerio/finance-news/scripts/summarize.py:337 | |
| CRITICAL | Arbitrary command execution Python shell execution (os.system, subprocess) Review all shell execution calls. Ensure commands are static (not built from user input), use absolute paths, and are strictly necessary. Prefer library APIs over shell commands. | Manifest | skills/kesslerio/finance-news/scripts/summarize.py:889 | |
| CRITICAL | Arbitrary command execution Python shell execution (os.system, subprocess) Review all shell execution calls. Ensure commands are static (not built from user input), use absolute paths, and are strictly necessary. Prefer library APIs over shell commands. | Manifest | skills/kesslerio/finance-news/scripts/summarize.py:939 | |
| CRITICAL | Arbitrary command execution Python shell execution (os.system, subprocess) Review all shell execution calls. Ensure commands are static (not built from user input), use absolute paths, and are strictly necessary. Prefer library APIs over shell commands. | Manifest | skills/kesslerio/finance-news/scripts/summarize.py:990 | |
| CRITICAL | Arbitrary command execution Python shell execution (os.system, subprocess) Review all shell execution calls. Ensure commands are static (not built from user input), use absolute paths, and are strictly necessary. Prefer library APIs over shell commands. | Manifest | skills/kesslerio/finance-news/scripts/translate_portfolio.py:50 | |
| CRITICAL | Credential harvesting Bulk environment variable dump Skills should only access environment variables they explicitly need. Bulk environment dumps (os.environ.copy, JSON.stringify(process.env)) are almost always malicious. Remove access to Keychain, GPG keys, and credential stores. | Manifest | skills/kesslerio/finance-news/scripts/utils.py:19 | |
| HIGH | Unsafe environment variable passthrough Bulk environment variable harvesting Minimize environment variable exposure. Only pass required, non-sensitive variables to MCP servers. Use dedicated secret management instead of environment passthrough. | Manifest | skills/kesslerio/finance-news/scripts/utils.py:19 | |
| HIGH | Dangerous call: subprocess.run() Call to 'subprocess.run()' detected in function 'generate_and_send'. This can execute arbitrary code. Avoid using dangerous functions like exec/eval/os.system. Use safer alternatives. | Static | skills/kesslerio/finance-news/scripts/briefing.py:95 | |
| HIGH | Dangerous call: subprocess.run() Call to 'subprocess.run()' detected in function 'send_to_whatsapp'. This can execute arbitrary code. Avoid using dangerous functions like exec/eval/os.system. Use safer alternatives. | Static | skills/kesslerio/finance-news/scripts/briefing.py:31 | |
| HIGH | Dangerous call: subprocess.run() Call to 'subprocess.run()' detected in function 'get_earnings_context'. This can execute arbitrary code. Avoid using dangerous functions like exec/eval/os.system. Use safer alternatives. | Static | skills/kesslerio/finance-news/scripts/earnings.py:529 | |
| HIGH | Dangerous call: subprocess.run() Call to 'subprocess.run()' detected in function 'get_analyst_ratings'. This can execute arbitrary code. Avoid using dangerous functions like exec/eval/os.system. Use safer alternatives. | Static | skills/kesslerio/finance-news/scripts/earnings.py:562 | |
| HIGH | Dangerous call: subprocess.run() Call to 'subprocess.run()' detected in function '_fetch_via_openbb'. This can execute arbitrary code. Avoid using dangerous functions like exec/eval/os.system. Use safer alternatives. | Static | skills/kesslerio/finance-news/scripts/fetch_news.py:292 | |
| HIGH | Dangerous call: subprocess.run() Call to 'subprocess.run()' detected in function 'get_portfolio_symbols'. This can execute arbitrary code. Avoid using dangerous functions like exec/eval/os.system. Use safer alternatives. | Static | skills/kesslerio/finance-news/scripts/fetch_news.py:757 | |
| HIGH | Dangerous call: subprocess.run() Call to 'subprocess.run()' detected in function 'web_search_news'. This can execute arbitrary code. Avoid using dangerous functions like exec/eval/os.system. Use safer alternatives. | Static | skills/kesslerio/finance-news/scripts/fetch_news.py:911 | |
| HIGH | Dangerous call: subprocess.run() Call to 'subprocess.run()' detected in function 'research_with_gemini'. This can execute arbitrary code. Avoid using dangerous functions like exec/eval/os.system. Use safer alternatives. | Static | skills/kesslerio/finance-news/scripts/research.py:138 | |
| HIGH | Dangerous call: subprocess.run() Call to 'subprocess.run()' detected in function 'run_agent_prompt'. This can execute arbitrary code. Avoid using dangerous functions like exec/eval/os.system. Use safer alternatives. | Static | skills/kesslerio/finance-news/scripts/summarize.py:337 | |
| HIGH | Dangerous call: subprocess.run() Call to 'subprocess.run()' detected in function 'summarize_with_claude'. This can execute arbitrary code. Avoid using dangerous functions like exec/eval/os.system. Use safer alternatives. | Static | skills/kesslerio/finance-news/scripts/summarize.py:889 | |
| HIGH | Dangerous call: subprocess.run() Call to 'subprocess.run()' detected in function 'summarize_with_minimax'. This can execute arbitrary code. Avoid using dangerous functions like exec/eval/os.system. Use safer alternatives. | Static | skills/kesslerio/finance-news/scripts/summarize.py:939 | |
| HIGH | Dangerous call: subprocess.run() Call to 'subprocess.run()' detected in function 'summarize_with_gemini'. This can execute arbitrary code. Avoid using dangerous functions like exec/eval/os.system. Use safer alternatives. | Static | skills/kesslerio/finance-news/scripts/summarize.py:990 | |
| HIGH | Dangerous call: subprocess.run() Call to 'subprocess.run()' detected in function 'translate_headlines'. This can execute arbitrary code. Avoid using dangerous functions like exec/eval/os.system. Use safer alternatives. | Static | skills/kesslerio/finance-news/scripts/translate_portfolio.py:50 | |
| HIGH | Command Injection via Unsanitized User Input to External CLIs User-controlled data, such as stock tickers from `portfolio.csv` or LLM-generated text, is passed directly as arguments to external CLI tools (`openbb-quote`, `gemini`, `minimax`, `claude`, `openclaw cron add`) via `subprocess.run`. If these external tools do not sufficiently sanitize their arguments, a malicious user could inject shell commands. For example, a ticker symbol like `AAPL; rm -rf /` in `portfolio.csv` could lead to arbitrary code execution when `openbb-quote` is called. Similarly, user-provided cron expressions or timezone strings passed to `openclaw cron add` could contain malicious shell commands. Implement strict validation and sanitization for all user-controlled inputs before passing them as arguments to external command-line interfaces. For stock tickers, validate against a known pattern for valid symbols. For cron expressions and timezone strings, use a robust parsing library or whitelist allowed characters/formats. Consider using a wrapper function that explicitly escapes arguments for the target shell if direct execution is unavoidable, or ensure the external CLI itself provides robust argument parsing. | LLM | scripts/earnings.py:169 | |
| HIGH | Command Injection via Unsanitized User Input to External CLIs User-controlled data, such as stock tickers from `portfolio.csv` or LLM-generated text, is passed directly as arguments to external CLI tools (`openbb-quote`, `gemini`, `minimax`, `claude`, `openclaw cron add`) via `subprocess.run`. If these external tools do not sufficiently sanitize their arguments, a malicious user could inject shell commands. For example, a ticker symbol like `AAPL; rm -rf /` in `portfolio.csv` could lead to arbitrary code execution when `openbb-quote` is called. Similarly, user-provided cron expressions or timezone strings passed to `openclaw cron add` could contain malicious shell commands. Implement strict validation and sanitization for all user-controlled inputs before passing them as arguments to external command-line interfaces. For stock tickers, validate against a known pattern for valid symbols. For cron expressions and timezone strings, use a robust parsing library or whitelist allowed characters/formats. Consider using a wrapper function that explicitly escapes arguments for the target shell if direct execution is unavoidable, or ensure the external CLI itself provides robust argument parsing. | LLM | scripts/fetch_news.py:204 | |
| HIGH | Command Injection via Unsanitized User Input to External CLIs User-controlled data, such as stock tickers from `portfolio.csv` or LLM-generated text, is passed directly as arguments to external CLI tools (`openbb-quote`, `gemini`, `minimax`, `claude`, `openclaw cron add`) via `subprocess.run`. If these external tools do not sufficiently sanitize their arguments, a malicious user could inject shell commands. For example, a ticker symbol like `AAPL; rm -rf /` in `portfolio.csv` could lead to arbitrary code execution when `openbb-quote` is called. Similarly, user-provided cron expressions or timezone strings passed to `openclaw cron add` could contain malicious shell commands. Implement strict validation and sanitization for all user-controlled inputs before passing them as arguments to external command-line interfaces. For stock tickers, validate against a known pattern for valid symbols. For cron expressions and timezone strings, use a robust parsing library or whitelist allowed characters/formats. Consider using a wrapper function that explicitly escapes arguments for the target shell if direct execution is unavoidable, or ensure the external CLI itself provides robust argument parsing. | LLM | scripts/research.py:150 | |
| HIGH | Command Injection via Unsanitized User Input to External CLIs User-controlled data, such as stock tickers from `portfolio.csv` or LLM-generated text, is passed directly as arguments to external CLI tools (`openbb-quote`, `gemini`, `minimax`, `claude`, `openclaw cron add`) via `subprocess.run`. If these external tools do not sufficiently sanitize their arguments, a malicious user could inject shell commands. For example, a ticker symbol like `AAPL; rm -rf /` in `portfolio.csv` could lead to arbitrary code execution when `openbb-quote` is called. Similarly, user-provided cron expressions or timezone strings passed to `openclaw cron add` could contain malicious shell commands. Implement strict validation and sanitization for all user-controlled inputs before passing them as arguments to external command-line interfaces. For stock tickers, validate against a known pattern for valid symbols. For cron expressions and timezone strings, use a robust parsing library or whitelist allowed characters/formats. Consider using a wrapper function that explicitly escapes arguments for the target shell if direct execution is unavoidable, or ensure the external CLI itself provides robust argument parsing. | LLM | scripts/setup.py:200 | |
| HIGH | Command Injection via Unsanitized User Input to External CLIs User-controlled data, such as stock tickers from `portfolio.csv` or LLM-generated text, is passed directly as arguments to external CLI tools (`openbb-quote`, `gemini`, `minimax`, `claude`, `openclaw cron add`) via `subprocess.run`. If these external tools do not sufficiently sanitize their arguments, a malicious user could inject shell commands. For example, a ticker symbol like `AAPL; rm -rf /` in `portfolio.csv` could lead to arbitrary code execution when `openbb-quote` is called. Similarly, user-provided cron expressions or timezone strings passed to `openclaw cron add` could contain malicious shell commands. Implement strict validation and sanitization for all user-controlled inputs before passing them as arguments to external command-line interfaces. For stock tickers, validate against a known pattern for valid symbols. For cron expressions and timezone strings, use a robust parsing library or whitelist allowed characters/formats. Consider using a wrapper function that explicitly escapes arguments for the target shell if direct execution is unavoidable, or ensure the external CLI itself provides robust argument parsing. | LLM | scripts/summarize.py:648 | |
| HIGH | Prompt Injection in Nested LLM Call The `translate_portfolio.py` script constructs a prompt for the `openclaw agent` LLM, which includes LLM-generated `headlines` from a previous summarization step. This creates a nested prompt injection vulnerability. If the initial LLM output (headlines) contains malicious instructions, it could manipulate the `openclaw agent` LLM to perform unintended actions, exfiltrate data, or generate harmful content, despite the prompt's attempt to restrict output to JSON. Implement robust sanitization or filtering of LLM-generated content before it is used to construct prompts for subsequent LLM calls. Consider using a 'red-teaming' approach to test for potential prompt injection vectors. If possible, pass only the raw data to the nested LLM and have the LLM's system prompt handle the formatting and instructions, rather than embedding instructions within the user-controlled data. | LLM | scripts/translate_portfolio.py:39 | |
| MEDIUM | Suspicious import: urllib.request Import of 'urllib.request' detected. This module provides network or low-level system access. Verify this import is necessary. Network and system modules in skill code may indicate data exfiltration. | Static | skills/kesslerio/finance-news/scripts/earnings.py:26 | |
| MEDIUM | Suspicious import: urllib.request Import of 'urllib.request' detected. This module provides network or low-level system access. Verify this import is necessary. Network and system modules in skill code may indicate data exfiltration. | Static | skills/kesslerio/finance-news/scripts/fetch_news.py:18 | |
| MEDIUM | Suspicious import: urllib.request Import of 'urllib.request' detected. This module provides network or low-level system access. Verify this import is necessary. Network and system modules in skill code may indicate data exfiltration. | Static | skills/kesslerio/finance-news/scripts/summarize.py:19 | |
| MEDIUM | Sensitive environment variable access: $HOME Access to sensitive environment variable '$HOME' detected in shell context. Verify this environment variable access is necessary and the value is not exfiltrated. | Static | skills/kesslerio/finance-news/scripts/venv-setup.sh:63 | |
| MEDIUM | Unpinned Python dependency version Dependency 'feedparser>=6.0.11' is not pinned to an exact version. Pin Python dependencies with exact versions where feasible. | Dependencies | skills/kesslerio/finance-news/pyproject.toml | |
| MEDIUM | Unpinned Python dependency version Requirement 'feedparser>=6.0.11' is not pinned to an exact version. Pin Python dependencies with '==<exact version>'. | Dependencies | skills/kesslerio/finance-news/requirements.txt:1 | |
| MEDIUM | Unpinned Python dependency version Requirement 'yfinance' is not pinned to an exact version. Pin Python dependencies with '==<exact version>'. | Dependencies | skills/kesslerio/finance-news/requirements.txt:2 | |
| LOW | Unpinned Dependency in requirements.txt The `yfinance` dependency in `requirements.txt` is unpinned, allowing any future version to be installed. This can lead to unexpected breaking changes or the introduction of vulnerabilities if a malicious version is published. While `pyproject.toml` specifies a minimum version, `requirements.txt` is often used for direct installation. Pin the `yfinance` dependency to a specific version (e.g., `yfinance==0.2.40`) or a compatible range (e.g., `yfinance~=0.2.40`) in `requirements.txt`. | LLM | requirements.txt:2 |
Scan History
Embed Code
[](https://skillshield.io/report/b3a79663fa4bb7d1)
Powered by SkillShield