Suspicious — Risk Score 38/100
Last scan: 1 day ago
China Stock Sentiment
A-share public-opinion analysis + Baidu Hot Search + news sentiment analysis skill, helping investors monitor market sentiment in real time
The skill uses undeclared shell execution (child_process.execSync) to invoke another skill, a capability not declared in SKILL.md's documented allowed-tools or capability model.
Skill Name: China Stock Sentiment
Duration: 52.6s
Engine: pi
Use with caution
Remove child_process.execSync or replace it with a safe skill-invoke mechanism; declare shell:WRITE in SKILL.md if shell execution is necessary; restrict the execSync command (a fixed argument list, no shell-string interpolation) to prevent injection.

Attack Chain 3 steps

Entry SKILL.md presents the skill as '舆情监控' (public-opinion monitoring) using 'web_fetch/web_search' and skill references only
SKILL.md:1
Escalation Hidden shell:WRITE via child_process.execSync runs 'openclaw skill run baidu-hot-cn'
index.js:53
Escalation Filesystem WRITE to memory/stock-sentiment/reports/ not declared in capability model
index.js:139

Findings 3 items

Severity Finding Location
High: Undeclared shell execution via child_process.execSync [Doc Mismatch] (index.js:53)
index.js imports child_process and uses execSync to run 'openclaw skill run baidu-hot-cn'. SKILL.md only documents 'web_fetch/web_search' and skill references and never mentions subprocess or shell execution, so the code's capabilities do not match its documentation. Note that execSync hands the string to a shell (/bin/sh -c on POSIX), which resolves 'openclaw' from the caller's PATH and inherits the caller's environment.
    const { execSync } = require('child_process');
    const result = execSync('openclaw skill run baidu-hot-cn', { encoding: 'utf8' });
→ Replace execSync with a documented skill-invoke API or runtime mechanism. If shell execution is truly needed, declare shell:WRITE in SKILL.md and document why.
Medium: Undeclared filesystem WRITE beyond documented scope [Priv Escalation] (index.js:139)
SKILL.md's '数据存储' (data storage) section names directories (memory/stock-sentiment/) but never declares filesystem:WRITE. The saveReport() function writes markdown reports to disk, which is write access beyond the 'read news' framing of the skill.
    fs.writeFileSync(outputPath, markdown, 'utf8');
→ Declare filesystem:WRITE in SKILL.md's capability model if file writes are intentional and necessary for the feature, and keep the writes confined to the directory the section names.
Low: Marketing content in SKILL.md not in README.md [Doc Mismatch] (SKILL.md:89)
SKILL.md contains pricing tables, monetization strategies, and development TODOs that mix user-facing marketing with capability documentation, making it harder to identify the actions the skill is actually permitted to take.
    ### 定价 | 免费版: $0 | 专业版: $19.99/月   (Pricing | Free: $0 | Pro: $19.99/month)
→ Keep SKILL.md focused on declared capabilities and permissions only; move monetization and marketing content to README.md.
Resource | Declared | Inferred | Status | Evidence
Filesystem | NONE | WRITE | ✗ Violation | index.js:139 fs.writeFileSync(outputPath, markdown)
Shell | NONE | WRITE | ✗ Violation | index.js:54 execSync('openclaw skill run baidu-hot-cn')
Network | READ | NONE (indirect via subprocess) | ✓ Aligned | No direct network calls; web access delegated to baidu-hot-cn skill via subproce…
Environment | NONE | NONE | | No os.environ access detected (os.environ is the Python idiom; the Node.js equivalent to look for is process.env)
2 findings
Medium | External URL | https://clawhub.ai/skills/china-stock-sentiment/docs | README.md:87
Info | Email address | [email protected] | README.md:85

File Tree

3 files · 11.5 KB · 454 lines
Markdown: 2 files · 232 lines; JavaScript: 1 file · 222 lines
├─ 📜 index.js JavaScript 222L · 6.7 KB
├─ 📝 README.md Markdown 99L · 2.3 KB
└─ 📝 SKILL.md Markdown 133L · 2.5 KB

Dependencies 3 items

Package | Version | Source | Known Vulns | Notes
fs | builtin | node | No | Node.js built-in module, no external dependency risk
path | builtin | node | No | Node.js built-in module
child_process | builtin | node | No | Node.js built-in module, used for execSync

Security Positives

✓ No credential harvesting (no os.environ-style environment iteration, no ~/.ssh, no .env access)
✓ No direct IP network requests or outbound data exfiltration
✓ No obfuscation (no base64, no eval patterns)
✓ No curl|bash or wget|sh remote script execution
✓ No persistence mechanisms (no cron, startup hooks, or backdoors)
✓ execSync command string is hardcoded and not user-injectable (it is still run through a shell, so 'openclaw' is resolved from the calling process's PATH)
✓ No npm supply chain risk: only Node.js built-in modules (fs, path, child_process) and no package.json; the skill's behaviour does, however, depend on the separately installed baidu-hot-cn skill it invokes via subprocess