Skill Trust Decision

fund-daily

Name: fund-daily Trust Review Report
Item: fund-daily
Rating: 50
Author: ClawSafe

Skill performs multiple undeclared network requests and subprocess execution, with hardcoded credentials exposed in source code.

Install decision first Source: Manual upload Scanned: Apr 5, 2026

Files 4

Artifacts 4

Violations 4

Findings 5

Most direct threat evidence

Why this conclusion was reached

1/4 dimensions flagged

Block

Declared vs actual capability

4 undeclared or violating capabilities were inferred.

Review

Hidden execution and egress

4 lower-risk artifacts were extracted and still need context.

Pass

Attack chain and severe findings

There is no explicit malicious chain in the report.

Review

Dependencies and supply chain hygiene

2 dependency or supply-chain issues need attention.

What drove the risk score up

Undeclared network access +20

Makes HTTP requests to fund APIs and Telegram API without declaring network:READ/WRITE in capabilities

Undeclared subprocess execution +15

Uses subprocess.run() to invoke news-market script without documentation

Hardcoded credentials +10

Telegram bot token and chat ID exposed in source code (lines 85-86)

Undeclared filesystem write +10

Writes Word documents to D:\System\Desktop\基金日报 without declaring filesystem:WRITE

Unpinned dependencies +5

requirements.txt has no version pins, risking supply chain issues

Most important evidence

Medium Doc Mismatch

Undeclared network API access

SKILL.md declares no network permissions but the script makes HTTP GET requests to multiple external APIs (天天基金网, Telegram) to fetch fund data and send messages.

fund_daily.py:155

Declare network:READ for API data fetching and network:WRITE for Telegram notifications in SKILL.md

Medium Doc Mismatch

Undeclared subprocess execution

Script uses subprocess.run() to execute a local Python script for news aggregation without documenting this behavior. The target path is hardcoded to a specific Windows user directory.

fund_daily.py:157

Document shell:WRITE permission and the dependency on news-market skill

Medium Credential Theft

Hardcoded Telegram credentials

Telegram bot token and chat ID are hardcoded directly in the source code. This exposes sensitive credentials and violates secure coding practices.

fund_daily.py:85

Move credentials to environment variables: os.environ.get('TELEGRAM_BOT_TOKEN')

Low Doc Mismatch

Undeclared filesystem write operation

Script writes Word documents to D:\System\Desktop\基金日报 without declaring filesystem:WRITE permission in SKILL.md.

fund_daily.py:340

Declare filesystem:WRITE permission for Word document generation

Low Supply Chain

Unpinned Python dependencies

requirements.txt specifies 'requests' and 'python-docx' without version constraints, potentially allowing malicious replacement if package is typosquatted.

requirements.txt:1

Pin versions: requests>=2.28.0, python-docx>=0.8.11

Declared capability vs actual capability

Network Block

Declared NONE

→

Inferred READ+WRITE

fund_daily.py:155-163 (HTTP requests to fundgz.1234567.com.cn, api.fund.eastmoney.com, api.telegram.org)

Shell Block

Declared NONE

→

Inferred WRITE

fund_daily.py:155-163 (subprocess.run() executes python script)

Filesystem Block

Declared NONE

→

Inferred WRITE

fund_daily.py:340-348 (creates directories and saves Word documents)

Skill Invoke Block

Declared NONE

→

Inferred READ

fund_daily.py:155 (invokes news-market skill script)

Suspicious artifacts and egress

Medium External URL

http://fundgz.1234567.com.cn/js/

fund_daily.py:155

Medium External URL

http://fund.eastmoney.com/

fund_daily.py:158

Medium External URL

http://api.fund.eastmoney.com/f10/lsjz

fund_daily.py:216

Medium External URL

https://api.telegram.org/bot

fund_daily.py:309

Dependencies and supply chain

Package	Version	Source	Known vuln	Notes
requests	`*`	pip	No	Version not pinned - risk of supply chain attack
python-docx	`*`	pip	No	Version not pinned - risk of supply chain attack

File composition

4 files · 950 lines

Python 1 files · 581 linesMarkdown 2 files · 367 linesText 1 files · 2 lines

Files of concern · 2

fund_daily.py Python · 581 lines

Undeclared network API access · Undeclared subprocess execution · Hardcoded Telegram credentials · Undeclared filesystem write operation · http://fundgz.1234567.com.cn/js/ · http://fund.eastmoney.com/ · http://api.fund.eastmoney.com/f10/lsjz · https://api.telegram.org/bot

requirements.txt Text · 2 lines

Unpinned Python dependencies

Other files · SKILL.md · README.md

Security positives

No evidence of credential harvesting beyond required Telegram tokens

No base64-encoded or obfuscated code detected

No reverse shell or C2 communication patterns found

No access to sensitive paths like ~/.ssh, ~/.aws, or .env files

No hidden functionality beyond legitimate fund data fetching

Subprocess usage serves documented feature (news aggregation) rather than malicious purpose