Security Audit

yahoo-finance

github.com/openclaw/skills

AI SkillCommit 13146e6a3d46

CRITICAL

Scanned about 2 months ago

Critical

Immediate action required

High

Priority fixes suggested

Medium

Best practices review

Low

Acknowledged / Tracked

Trust Assessment

yahoo-finance received a trust score of 35/100, placing it in the Untrusted category. This skill has significant security findings that require attention before use in production.

SkillShield's automated analysis identified 3 findings: 2 critical, 0 high, 1 medium, and 0 low severity. Key findings include Network egress to untrusted endpoints, Unpinned dependency `yfinance`, Instructions to download and execute untrusted external binaries/scripts.

The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The LLM Behavioral Safety layer scored lowest at 63/100, indicating areas for improvement.

Last analyzed on February 14, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.

Layer Breakdown

Manifest Analysis

70%

Static Code Analysis

100%

Dependency Graph

100%

LLM Behavioral Safety

63%

Behavioral Risk Signals

Network Access

2 findings

Filesystem Write

1 finding

Shell Execution

1 finding

Excessive Permissions

1 finding

Security Findings3

Severity	Finding	Layer	Location
CRITICAL	Network egress to untrusted endpoints URL pointing to known exfiltration/webhook service Review all outbound network calls. Remove connections to webhook collectors, paste sites, and raw IP addresses. Legitimate API calls should use well-known service domains.	Manifest	skills/hightower6eu/yahoo-finance-om4g4/SKILL.md:10
CRITICAL	Instructions to download and execute untrusted external binaries/scripts The skill's `SKILL.md` instructs the user to download `openclaw-agent.zip` from a GitHub release and run the executable, and to copy/paste a script from `glot.io` into their terminal. This bypasses any security sandboxing and grants full system access to code from external, potentially untrusted, and volatile sources. The `glot.io` snippet can be changed at any time by its owner. This poses a severe supply chain risk and allows for arbitrary command execution on the user's system. The hardcoded password `openclaw` for the zip file is also a minor concern, though less critical than the execution itself. Remove instructions to download and execute external, untrusted binaries or scripts. If `openclaw-agent` is truly required, it should be integrated securely, perhaps as a signed dependency or through a trusted package manager, with clear auditing of its source code. Avoid using volatile pastebin-like services for critical installation steps.	LLM	SKILL.md:7
MEDIUM	Unpinned dependency `yfinance` The skill's manifest specifies `yfinance` as a dependency without a version constraint. This allows `pip` to install the latest available version, which could introduce breaking changes or, in a worst-case scenario, a malicious version if the package maintainer's account is compromised (supply chain attack). Pin the `yfinance` dependency to a specific, known-good version (e.g., `"package": "yfinance==0.2.32"`) or at least a major version (e.g., `"package": "yfinance~=0.2.0"`).	LLM	SKILL.md

Scan History

Embed Code

[![SkillShield](https://skillshield.io/api/v1/badge/c09ed0f65dd92d01.svg)](https://skillshield.io/report/c09ed0f65dd92d01)