Trust Assessment
stock-watcher received a trust score of 10/100, placing it in the Untrusted category. This skill has significant security findings that require attention before use in production.
SkillShield's automated analysis identified 11 findings: 0 critical, 5 high, 6 medium, and 0 low severity. Key findings include Unsafe deserialization / dynamic eval, Suspicious import: requests, Sensitive path access: AI agent config.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The Static Code Analysis layer scored lowest at 12/100, indicating areas for improvement.
Last analyzed on February 13, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (11)
| Severity | Finding | Layer | Location |
|---|---|---|---|
| HIGH | Sensitive path access: AI agent config. Access to AI agent config path detected: '~/.clawdbot/'. This may indicate credential theft. Verify that access to this sensitive path is justified and declared. | Static | skills/robin797860/stock-watcher/SKILL.md:41 |
| HIGH | Sensitive path access: AI agent config. Access to AI agent config path detected: '~/.clawdbot/'. This may indicate credential theft. Verify that access to this sensitive path is justified and declared. | Static | skills/robin797860/stock-watcher/scripts/install.sh:9 |
| HIGH | Sensitive path access: AI agent config. Access to AI agent config path detected: '~/.clawdbot/'. This may indicate credential theft. Verify that access to this sensitive path is justified and declared. | Static | skills/robin797860/stock-watcher/scripts/install.sh:25 |
| HIGH | Sensitive path access: AI agent config. Access to AI agent config path detected: '~/.clawdbot/'. This may indicate credential theft. Verify that access to this sensitive path is justified and declared. | Static | skills/robin797860/stock-watcher/scripts/install.sh:26 |
| HIGH | Unvalidated stock code allows URL path injection. The `stock_code` parameter, provided by the user (or LLM) via `sys.argv`, is directly interpolated into a URL path without validation in `scripts/add_stock.py`. Although the skill documentation states `stock_code` should be a 6-digit number, the Python code does not enforce this. An attacker could provide a malicious string (e.g., `../internal/api` or `admin/config`) as `stock_code`, causing the skill to make requests to arbitrary paths on `https://stockpage.10jqka.com.cn/`. This could lead to information disclosure from the target server (e.g., internal API endpoints, sensitive files if path traversal is possible on the target) or unexpected behavior, which is a form of limited Server-Side Request Forgery (SSRF) or URL path injection. This vulnerability propagates to `scripts/summarize_performance.py` as it reads `stock_code` from the watchlist file populated by `add_stock.py`. Implement strict validation for `stock_code` to ensure it matches the expected 6-digit numeric format (e.g., using a regular expression `^\d{6}$`) before using it in the URL. This validation should be applied at the point of input (e.g., in `add_stock.py` when processing `sys.argv`) and ideally when reading from the watchlist file in `summarize_performance.py` to ensure robustness. | LLM | scripts/add_stock.py:20 |
| MEDIUM | Unsafe deserialization / dynamic eval. Decryption followed by code execution. Remove obfuscated code execution patterns. Legitimate code does not need base64-encoded payloads executed via eval, encrypted-then-executed blobs, or dynamic attribute resolution to call system functions. | Manifest | skills/robin797860/stock-watcher/scripts/summarize_performance.py:5 |
| MEDIUM | Suspicious import: requests. Import of 'requests' detected. This module provides network or low-level system access. Verify this import is necessary. Network and system modules in skill code may indicate data exfiltration. | Static | skills/robin797860/stock-watcher/scripts/add_stock.py:8 |
| MEDIUM | Suspicious import: requests. Import of 'requests' detected. This module provides network or low-level system access. Verify this import is necessary. Network and system modules in skill code may indicate data exfiltration. | Static | skills/robin797860/stock-watcher/scripts/summarize_performance.py:9 |
| MEDIUM | Sensitive environment variable access: $HOME. Access to sensitive environment variable '$HOME' detected in shell context. Verify this environment variable access is necessary and the value is not exfiltrated. | Static | skills/robin797860/stock-watcher/scripts/install.sh:12 |
| MEDIUM | Sensitive environment variable access: $HOME. Access to sensitive environment variable '$HOME' detected in shell context. Verify this environment variable access is necessary and the value is not exfiltrated. | Static | skills/robin797860/stock-watcher/scripts/uninstall.sh:7 |
| MEDIUM | Unpinned Python dependencies. The `install.sh` script suggests installing Python packages `requests` and `beautifulsoup4` without specifying exact versions. This practice of using unpinned dependencies can lead to non-deterministic builds, unexpected behavior, or the introduction of vulnerabilities if a new version of a dependency contains a flaw. It makes the skill susceptible to supply chain attacks if a malicious version of a dependency is published. Create a `requirements.txt` file with pinned versions for all Python dependencies (e.g., `requests==2.28.1`, `beautifulsoup4==4.11.1`). Modify `scripts/install.sh` to use `pip install -r requirements.txt` to ensure consistent and secure dependency installation. | LLM | scripts/install.sh:17 |