China Stock Sentiment 安全扫描报告 — 可疑 | ClawSafe

38 /100

China Stock Sentiment

A 股舆情分析 + 百度热搜 + 新闻情感分析技能，帮助投资者实时监控市场情绪

The skill uses undeclared shell execution (child_process.execSync) to invoke another skill, a capability not declared in SKILL.md's documented allowed-tools or capability model.

技能名称China Stock Sentiment

分析耗时52.6s

引擎pi

⚠

谨慎使用

Remove child_process.execSync or replace with a safe skill-invoke mechanism; declare shell:WRITE in SKILL.md if shell execution is necessary; restrict the execSync command to prevent injection.

攻击链 3 步

◎

入口 SKILL.md presents skill as '舆情监控' using 'web_fetch/web_search' and skill references only

SKILL.md:1

⬡

提权 Hidden shell:WRITE via child_process.execSync runs 'openclaw skill run baidu-hot-cn'

index.js:53

⬡

提权 Filesystem WRITE to memory/stock-sentiment/reports/ not declared in capability model

index.js:139

安全发现 3 项

严重性	安全发现	位置
高危	Undeclared shell execution via child_process.execSync 文档欺骗 index.js imports child_process and uses execSync to run 'openclaw skill run baidu-hot-cn'. SKILL.md only documents 'web_fetch/web_search' and skill references, never mentioning subprocess/shell execution. This hidden mechanism is a significant doc-to-code mismatch. `const { execSync } = require('child_process'); const result = execSync('openclaw skill run baidu-hot-cn', { encoding: 'utf8' });` → Replace execSync with a documented skill-invoke API or runtime mechanism. If shell execution is truly needed, declare shell:WRITE in SKILL.md and document why.	`index.js:53`
中危	Undeclared filesystem WRITE beyond documented scope 权限提升 SKILL.md's '数据存储' section names directories (memory/stock-sentiment/) but never declares filesystem:WRITE. The saveReport() function writes markdown reports to disk, which is write access beyond the 'read news' framing of the skill. `fs.writeFileSync(outputPath, markdown, 'utf8');` → Declare filesystem:WRITE in SKILL.md capability model if file writes are intentional and necessary for the feature.	`index.js:139`
低危	Marketing content in SKILL.md not in README.md 文档欺骗 SKILL.md contains pricing tables, monetization strategies, and development TODOs that mix user-facing marketing with capability documentation, making it harder to identify actual permitted actions. `### 定价 \| 免费版: $0 \| 专业版: $19.99/月` → Keep SKILL.md focused on declared capabilities and permissions only; move monetization and marketing content to README.md.	`SKILL.md:89`

资源类型	声明权限	推断权限	状态	证据
文件系统	`NONE`	`WRITE`	✗ 越权	index.js:139 fs.writeFileSync(outputPath, markdown)
命令执行	`NONE`	`WRITE`	✗ 越权	index.js:54 execSync('openclaw skill run baidu-hot-cn')
网络访问	`READ`	`NONE (indirect via subprocess)`	✓ 一致	No direct network calls; web access delegated to baidu-hot-cn skill via subproce…
环境变量	`NONE`	`NONE`	—	No os.environ access detected

2 项发现

🔗

中危外部 URL 外部 URL

https://clawhub.ai/skills/china-stock-sentiment/docs

README.md:87

📧

提示邮箱邮箱地址

[email protected]

README.md:85

目录结构

3 文件 · 11.5 KB · 454 行

Markdown 2f · 232L JavaScript 1f · 222L

├─ 📜 index.js JavaScript 222L · 6.7 KB

├─ 📝 README.md Markdown 99L · 2.3 KB

└─ 📝 SKILL.md Markdown 133L · 2.5 KB

依赖分析 3 项

包名	版本	来源	已知漏洞	备注
`fs`	`builtin`	node	否	Node.js built-in module — no external dependency risk
`path`	`builtin`	node	否	Node.js built-in module
`child_process`	`builtin`	node	否	Node.js built-in module — used for execSync

安全亮点

✓ No credential harvesting (no os.environ iteration, no ~/.ssh, no .env access)

✓ No direct IP network requests or outbound data exfiltration

✓ No obfuscation (no base64, no eval patterns)

✓ No curl|bash or wget|sh remote script execution

✓ No persistence mechanisms (no cron, startup hooks, or backdoors)

✓ execSync command string is hardcoded and not user-injectable

✓ No supply chain risks — only uses Node.js built-in modules (fs, path, child_process)