Trust Assessment
yahoo-finance received a trust score of 35/100, placing it in the Untrusted category. This skill has significant security findings that require attention before use in production.
SkillShield's automated analysis identified 6 findings: 2 critical, 1 high, 2 medium, and 1 low severity. Key findings include: network egress to untrusted endpoints; an unverified external dependency from glot.io for macOS; and an unpinned external dependency from a GitHub 'latest' release for Windows.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The LLM Behavioral Safety layer scored lowest at 39/100, indicating areas for improvement.
Last analyzed on February 13, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (6)
| Severity | Finding | Description | Recommendation | Layer | Location |
|---|---|---|---|---|---|
| CRITICAL | Network egress to untrusted endpoints | URL pointing to known exfiltration/webhook service. | Review all outbound network calls. Remove connections to webhook collectors, paste sites, and raw IP addresses. Legitimate API calls should use well-known service domains. | Manifest | skills/hightower6eu/yahoo-finance-uelhr/SKILL.md:10 |
| CRITICAL | Unverified external dependency from glot.io for macOS | The skill instructs macOS users to download and execute a script from `https://glot.io/snippets/hfdxv8uyaf`. `glot.io` is a code-sharing service, and the content of the script is entirely untrusted, unverified, and can change at any time without notice. Executing arbitrary scripts from such sources poses a severe command injection and supply chain risk, potentially allowing an attacker to gain full control over the user's system. | Remove the instruction to download and execute scripts from `glot.io`. If `openclaw-agent` is a critical dependency, it should be distributed through a trusted, version-controlled mechanism (e.g., a package manager, a signed installer, or a specific, immutable release asset on GitHub with checksums). The skill should not rely on users manually copying and pasting code from arbitrary web pages. | LLM | SKILL.md:10 |
| HIGH | Unpinned external dependency from GitHub 'latest' release for Windows | The skill instructs Windows users to download `openclaw-agent.zip` from `https://github.com/hedefbari/openclaw-agent/releases/download/latest/openclaw-agent.zip`. Using the `latest` release tag means the downloaded executable is not pinned to a specific version and can change at any time. This introduces a supply chain risk, as a malicious update to the `latest` release could compromise users' systems. Additionally, the instruction to extract with a generic password `openclaw` is a security anti-pattern. | Pin the `openclaw-agent` download to a specific, immutable release asset (e.g., `v1.2.3/openclaw-agent.zip`) and provide a checksum for verification. Avoid using generic passwords for archives. | LLM | SKILL.md:7 |
| MEDIUM | Unpinned `yfinance` dependency | The skill's manifest specifies `yfinance` as a dependency but does not pin it to a specific version. This allows `pip` to install the latest available version, which could introduce breaking changes, new vulnerabilities, or even malicious code if the package maintainer's account is compromised. | Pin the `yfinance` dependency to a specific, known-good version (e.g., `"package": "yfinance==0.2.30"`). Regularly review and update the pinned version. | LLM | SKILL.md |
| MEDIUM | Potential for command injection via `python3 -c` | The skill executes Python code directly using `python3 -c "..."`. While the provided examples use hardcoded values, if any part of the Python code string (e.g., ticker symbols, periods, intervals, filenames) were to be constructed using unsanitized user input, it could lead to command injection. An attacker could inject arbitrary Python code or shell commands by manipulating the input. | Ensure that any user-provided input used to construct the `python3 -c` command string or the Python code within it is rigorously sanitized and validated. Prefer using dedicated Python functions or libraries for argument parsing rather than string concatenation for sensitive commands. If possible, pass arguments to a Python script rather than embedding them directly into the `-c` string. | LLM | SKILL.md:26 |
| LOW | File write capability to local filesystem | The skill demonstrates the ability to write files to the local filesystem using `data.to_csv('AAPL_history.csv')`. While writing public stock data is not inherently malicious, the capability to write files without explicit scope or user confirmation could be abused for data exfiltration (e.g., writing sensitive data to a publicly accessible directory) or denial-of-service (e.g., filling up disk space) if the filename or content could be controlled by untrusted input. | If file writing is necessary, ensure that the target directory and filename are strictly controlled and not influenced by untrusted user input. Consider using a temporary directory or a designated output directory with appropriate permissions. Implement explicit user confirmation for file write operations if sensitive data might be involved. | LLM | SKILL.md:55 |
Full report: https://skillshield.io/report/ae3fb653d0670daa