Trust Assessment
finance-news received a trust score of 68/100, placing it in the Caution category. This skill has some security considerations that users should review before deployment.
SkillShield's automated analysis identified 4 findings: 0 critical, 2 high, 1 medium, and 1 low severity. Key findings include Potential Command Injection via user-controlled file path, Excessive Permissions: Arbitrary WhatsApp Group Sending, Potential Credential Storage in Plaintext Configuration File.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The LLM Behavioral Safety layer scored lowest at 61/100, indicating areas for improvement.
Last analyzed on February 13, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Layer Breakdown
Behavioral Risk Signals
Security Findings4
| Severity | Finding | Layer | Location | |
|---|---|---|---|---|
| HIGH | Potential Command Injection via user-controlled file path The `finance-news portfolio-import` command allows users to specify an arbitrary file path (e.g., `~/my_stocks.csv`). If the underlying implementation does not properly sanitize this path before using it in a shell command (e.g., `subprocess.run` with `shell=True`, or `os.system`), an attacker could inject malicious commands. For example, providing a path like `'; rm -rf /; #'` could lead to arbitrary code execution. Even if not directly executed, reading arbitrary files from the user's home directory without strict validation is a security risk. Implement robust input validation and sanitization for all user-provided file paths. When executing external commands, use `subprocess.run` with `shell=False` and pass arguments as a list. Ensure the file reading mechanism only accesses expected file types and locations. | LLM | SKILL.md:100 | |
| HIGH | Excessive Permissions: Arbitrary WhatsApp Group Sending The `finance-news briefing` command allows users to specify an arbitrary WhatsApp group via the `--group` argument (e.g., `--group "Market Briefing"`). If the underlying `openclaw message tool` or the skill's scripts do not validate or restrict the target group, an attacker could potentially send messages to any WhatsApp group they can name. This could be abused for spam, phishing, or even data exfiltration by sending sensitive information (if injected into the briefing content) to an attacker-controlled group. Implement strict validation for the `--group` argument. Only allow sending to pre-approved or user-configured groups. Consider requiring explicit user confirmation for sending to new groups. Ensure the `openclaw message tool` itself has robust access controls. | LLM | SKILL.md:138 | |
| MEDIUM | Potential Credential Storage in Plaintext Configuration File The `config/config.json` file is described as containing "RSS/API/language configuration". It is highly probable that "API configuration" includes sensitive API keys or tokens for services like Finnhub or premium RSS feeds. Storing such credentials in a plaintext JSON file on the filesystem is a security risk, as it makes them vulnerable to unauthorized access by other processes, malware, or potential exfiltration if the skill itself is compromised (e.g., via data exfiltration vectors). Avoid storing sensitive credentials directly in plaintext configuration files. Instead, use secure credential management systems (e.g., environment variables, a dedicated secrets manager, or a secure vault). If local storage is unavoidable, ensure the file has strict permissions (e.g., `chmod 600`) and is encrypted at rest. | LLM | SKILL.md:160 | |
| LOW | Unpinned Python Dependency The skill's `Dependencies` section instructs users to install `feedparser` using `pip install feedparser` without specifying a version. This practice can lead to supply chain vulnerabilities, as a future version of the library might introduce breaking changes or security flaws, or a typosquatted package could be installed. Without a pinned version, the build is not reproducible and relies on the integrity of the package index at the time of installation. Pin all Python dependencies to specific versions in a `requirements.txt` file (e.g., `feedparser==x.y.z`) or within the `Dockerfile`. Use a dependency management tool that enforces version pinning. | LLM | SKILL.md:209 |
Scan History
Embed Code
[](https://skillshield.io/report/2cfa87a86be1f0c0)
Powered by SkillShield