Suspicious: risk score 50/100
Last scan: 17 hours ago
fund-daily
Automatically generates a daily fund report covering held-fund data, estimated valuation changes, unit net asset value and financial news headlines.
Skill performs multiple undeclared network requests and subprocess execution, with hardcoded credentials exposed in source code.
Skill name: fund-daily
Analysis time: 57.8s
Engine: pi
Verdict: use with caution
Recommendations:
1) Declare network:READ and network:WRITE permissions for API calls
2) Document subprocess usage in SKILL.md
3) Move Telegram credentials to environment variables instead of hardcoding them
4) Pin dependency versions in requirements.txt

Security findings: 5

Severity | Finding | Category | Location

Medium | Undeclared network API access | Documentation mismatch | fund_daily.py:155
SKILL.md declares no network permissions, but the script makes HTTP GET requests to multiple external APIs (天天基金网, Telegram) to fetch fund data and send messages.
    response = requests.get(url, headers=headers, timeout=10)
→ Declare network:READ for API data fetching and network:WRITE for Telegram notifications in SKILL.md

Medium | Undeclared subprocess execution | Documentation mismatch | fund_daily.py:157
The script uses subprocess.run() to execute a local Python script for news aggregation without documenting this behavior. The target path is hardcoded to a specific Windows user directory.
    subprocess.run(['python', script_path, 'category', '--cat', 'securities', '--limit', str(limit)])
→ Document the shell:WRITE permission and the dependency on the news-market skill

Medium | Hardcoded Telegram credentials | Credential theft | fund_daily.py:85
The Telegram bot token and chat ID are hardcoded directly in the source code. This exposes sensitive credentials and violates secure coding practices.
    TELEGRAM_BOT_TOKEN = "8599058765:AAH_4PW048zLJxGQ2BosnG2uh3bRwAeu8XA"
→ Move credentials to environment variables: os.environ.get('TELEGRAM_BOT_TOKEN')

Low | Undeclared filesystem write operation | Documentation mismatch | fund_daily.py:340
The script writes Word documents to D:\System\Desktop\基金日报 without declaring the filesystem:WRITE permission in SKILL.md.
    os.makedirs(output_dir)
    doc.save(output_path)
→ Declare the filesystem:WRITE permission for Word document generation

Low | Unpinned Python dependencies | Supply chain | requirements.txt:1
requirements.txt lists 'requests' and 'python-docx' without version constraints, potentially allowing a malicious replacement if the package is typosquatted.
    requests
    python-docx
→ Pin versions: requests>=2.28.0, python-docx>=0.8.11
Resource | Declared permission | Inferred permission | Status | Evidence
Network access | NONE | READ+WRITE | ✗ exceeds declaration | fund_daily.py:155-163 (HTTP requests to fundgz.1234567.com.cn, api.fund.eastmone…
Command execution | NONE | WRITE | ✗ exceeds declaration | fund_daily.py:155-163 (subprocess.run() executes python script)
Filesystem | NONE | WRITE | ✗ exceeds declaration | fund_daily.py:340-348 (creates directories and saves Word documents)
Skill invocation | NONE | READ | ✗ exceeds declaration | fund_daily.py:155 (invokes news-market skill script)
External URLs: 4 findings

Severity | Type | URL | Location
Medium | External URL | http://fundgz.1234567.com.cn/js/ | fund_daily.py:155
Medium | External URL | http://fund.eastmoney.com/ | fund_daily.py:158
Medium | External URL | http://api.fund.eastmoney.com/f10/lsjz | fund_daily.py:216
Medium | External URL | https://api.telegram.org/bot | fund_daily.py:309

Directory structure

4 files · 27.2 KB · 950 lines
Python: 1 file · 581 lines; Markdown: 2 files · 367 lines; Text: 1 file · 2 lines
├─ fund_daily.py      Python    581 lines · 20.3 KB
├─ README.md          Markdown  145 lines · 2.5 KB
├─ requirements.txt   Text        2 lines · 21 B
└─ SKILL.md           Markdown  222 lines · 4.3 KB

Dependency analysis: 2 packages

Package | Version | Source | Known vulnerabilities | Notes
requests | * | pip | | Version not pinned: risk of supply chain attack
python-docx | * | pip | | Version not pinned: risk of supply chain attack

Security highlights

✓ No evidence of credential harvesting beyond required Telegram tokens
✓ No base64-encoded or obfuscated code detected
✓ No reverse shell or C2 communication patterns found
✓ No access to sensitive paths like ~/.ssh, ~/.aws, or .env files
✓ No hidden functionality beyond legitimate fund data fetching
✓ Subprocess usage serves documented feature (news aggregation) rather than malicious purpose