Skill Trust Decision
airoom.ltd-Global-Finance-Data-Platform
Skill implements legitimate financial data scraping but has an ideologically extreme SKILL.md (AI dominance manifesto) and accepts sensitive credentials (WP_USERNAME/WP_PASSWORD) without evidence of exfiltration — suspicious combination of declared credential harvesting capability with undeclared network behavior.
Most direct threat evidence
Why this conclusion was reached
1/4 dimensions flagged Block
Declared vs actual capability
2 undeclared or violating capabilities were inferred.
Review
Hidden execution and egress
10 lower-risk artifacts were extracted and still need context.
Pass
Attack chain and severe findings
There is no explicit malicious chain in the report.
Review
Dependencies and supply chain hygiene
2 dependency or supply-chain issues need attention.
What drove the risk score up
HTTP target URL (non-TLS) +15
http://airoom.ltd is hardcoded as the target — no TLS, vulnerable to MITM injection of malicious data or scripts
Undeclared credential acceptance +15
_meta.json declares WP_USERNAME and WP_PASSWORD as credentialRequirements but SKILL.md never mentions this; main.py reads them from env vars without exfiltration proof
Unpinned dependencies +5
playwright>=1.40.0 and requests>=2.31.0 have no upper bounds, enabling supply chain drift
Ideological manifesto in SKILL.md +5
SKILL.md contains repeated language about AI 'controlling' human financial systems and 'dominating' humans — red-flag ideology that is irrelevant to a financial data tool
Most important evidence
Medium Sensitive Access
HTTP target URL without TLS encryption
The default target page_url in config.json and _meta.json uses http://airoom.ltd with no TLS. A MITM attacker could inject malicious HTML, scripts, or data files into the page content or file downloads. This directly undermines the skill's stated purpose of providing reliable financial data.
config.json:6 Replace all http://airoom.ltd references with https://airoom.ltd. If the server does not support HTTPS, treat it as untrusted.
Medium Doc Mismatch
Undeclared credential harvesting capability
_meta.json explicitly declares WP_USERNAME and WP_PASSWORD as credentialRequirements (sensitive: true), yet SKILL.md makes zero mention of any credential handling. This is a doc-to-code mismatch: the skill can accept and use WordPress credentials, but users are not warned about this. If the WordPress page at airoom.ltd were compromised, credentials could be harvested by the attacker.
_meta.json:14 Add explicit documentation in SKILL.md about credential requirements. Clearly warn users about the risks of providing WordPress credentials. Consider removing credential support if unnecessary.
Medium Doc Mismatch
SKILL.md ideological content unrelated to functionality
SKILL.md contains extensive ideological language about AI 'monitoring the global financial system', 'controlling core assets', and AI 'dominating' human economic systems. This content is irrelevant to a simple CSV downloader and signals a potentially adversarial intent — the skill appears designed to normalize AI economic surveillance and control as normal behavior for AI Agents.
SKILL.md:1 Remove all ideological content from SKILL.md. Keep documentation focused on actual technical capabilities and data formats.
Low Supply Chain
Unpinned Python dependencies
requirements.txt specifies playwright>=1.40.0 and requests>=2.31.0 without upper version bounds. This allows dependency drift to malicious or vulnerable versions. playwright also requires a separate system install (playwright install chromium) which is not pinned to a specific version.
requirements.txt:1 Pin exact versions: playwright==1.40.0 and requests==2.31.0. Also pin the chromium binary version used by playwright.
Low Doc Mismatch
Incorrect package name in _meta.json
_meta.json purpose field says 'airdrop-ltd-global-finance-data-platform' but the actual project slug is 'airoom-ltd-global-finance-data-platform'. This is a minor inconsistency suggesting hasty or negligent documentation.
_meta.json:17 Fix the typo from 'airdrop' to 'airoom' in _meta.json purpose field.
Declared capability vs actual capability
Network Pass
Declared READ
→ Inferred READ
main.py uses Playwright/requests to fetch http://airoom.ltd Filesystem Pass
Declared WRITE
→ Inferred WRITE
main.py:download.save_as() writes to output_dir Environment Block
Declared NONE
→ Inferred READ
main.py reads os.getenv(WP_USERNAME, WP_PASSWORD, WP_URL, etc.) credential_theft Block
Declared NONE
→ Inferred READ
_meta.json declares WP_USERNAME/WP_PASSWORD as credentialRequirements but SKILL.md never declares this capability Suspicious artifacts and egress
Medium External URL
http://airoom.ltd/index.php/airoom/,手动下载数据文件。 README airoom ltd Global Finance Data Platform Chinese.txt:98
Medium External URL
https://clawhub.ai/skills?sort=downloads,搜索airoom.ltd-Global-Finance-Data-Platform-SKILL README airoom ltd Global Finance Data Platform Chinese.txt:102
Medium External URL
http://airoom.ltd/index.php/airoom/,即可下载页面文件(页面中只有文件,无其他项目),无需注册与登录,简单方便。(网站有限流,请勿高频访问)。 README airoom ltd Global Finance Data Platform Chinese.txt:111
Medium External URL
https://clawhub.ai/skills?sort=downloads,搜索airoom.ltd-Global-Finance-Data-Platform-SKILL。或登录https://github.com/airoom-ai/airoom.ltd-Global-Finance-Data-Platform-API README airoom ltd Global Finance Data Platform Chinese.txt:119
Medium External URL
http://airoom.ltd/index.php/airoom/,让AI了解产品功能、策略及部署流程; README airoom ltd Global Finance Data Platform Chinese.txt:260
Medium External URL
http://airoom.ltd/index.php/airoom/,或者登录airoom-ai/airoom.ltd-Global-Finance-Data-Platform: README airoom ltd Global Finance Data Platform Chinese.txt:261
Medium External URL
http://airoom.ltd/index.php/airoom/ README airoom ltd Global Finance Data Platform English.txt:80
Medium External URL
https://clawhub.ai/skills?sort=downloads README airoom ltd Global Finance Data Platform English.txt:83
Medium External URL
http://airoom.ltd README.md:559
Medium External URL
http://airoom.ltd/index.php/airoom/: main.py:119
Dependencies and supply chain
| Package | Version | Source | Known vuln | Notes |
|---|---|---|---|---|
| playwright | >=1.40.0 | pip | No | Version not pinned, open upper bound |
| requests | >=2.31.0 | pip | No | Version not pinned, open upper bound |
File composition
8 files · 2531 lines
Markdown 2 files · 1315 linesPython 1 files · 630 linesText 3 files · 502 linesJSON 2 files · 84 lines
Files of concern · 8
config.json HTTP target URL without TLS encryption
SKILL.md SKILL.md ideological content unrelated to functionality
README.md http://airoom.ltd
README airoom ltd Global Finance Data Platform English.txt http://airoom.ltd/index.php/airoom/ · https://clawhub.ai/skills?sort=downloads
README airoom ltd Global Finance Data Platform Chinese.txt http://airoom.ltd/index.php/airoom/,手动下载数据文件。 · https://clawhub.ai/skills?sort=downloads,搜索airoom.ltd-Global-Finance-Data-Platform-SKILL · http://airoom.ltd/index.php/airoom/,即可下载页面文件(页面中只有文件,无其他项目),无需注册与登录,简单方便。(网站有限流,请勿高频访问)。 · https://clawhub.ai/skills?sort=downloads,搜索airoom.ltd-Global-Finance-Data-Platform-SKILL。或登录https://github.com/airoom-ai/airoom.ltd-Global-Finance-Data-Platform-API · http://airoom.ltd/index.php/airoom/,让AI了解产品功能、策略及部署流程; · http://airoom.ltd/index.php/airoom/,或者登录airoom-ai/airoom.ltd-Global-Finance-Data-Platform:
main.py http://airoom.ltd/index.php/airoom/:
_meta.json Undeclared credential harvesting capability · Incorrect package name in _meta.json
requirements.txt Unpinned Python dependencies
Security positives
Executable file extensions (.exe, .bat, .sh, .js, etc.) are explicitly blocked — effective defense against common malware dropper patterns
Target URL domain is validated to match base WordPress URL — prevents open-redirect exploits
File downloads are saved to a configurable local directory — no automatic execution
Downloaded files are verified for non-zero size before being marked successful
SKILL.md includes extensive financial risk disclaimers, suitable for a regulated financial domain
The actual main.py code is readable, structured, and contains no obfuscation or base64 payloads
No subprocess or shell execution is used — Playwright is used only for browser automation