Low Risk — Risk Score 20/100
Last scan: 18 hr ago
stock-monitor
Full-featured intelligent stock monitoring and alert system — Chinese A-share stock monitor with 7 alert rules, AI analysis (Kimi/DeepSeek), and trading-signal generation
Legitimate stock monitoring tool with no malicious behaviour, but SKILL.md omits the shell-execution and filesystem-write permissions the daemon needs and does not list the network endpoints or the environment variable it uses.
Skill Name: stock-monitor
Duration: 71.9s
Engine: pi
Safe to install
Update SKILL.md to declare shell:WRITE (control.sh daemon management and the openclaw CLI call in cron_check.py), filesystem:WRITE (PID and log files under ~/.stock_monitor/), the KIMI_API_KEY environment variable, and the network API endpoints used.

Findings (6 items)

Severity · Finding (title and category, description, evidence, → recommendation) · Location
Medium
Shell execution not declared in SKILL.md (Doc Mismatch)
cron_check.py uses subprocess.run() with shell=True to invoke the 'openclaw message send' CLI, and control.sh launches a Python daemon with nohup. SKILL.md lists no allowed-tools entries, so both behaviours are undeclared.
subprocess.run(cmd, capture_output=True, text=True, encoding='utf-8', timeout=60, shell=True)
→ Declare shell:WRITE in _meta.json allowed-tools to reflect the openclaw CLI invocation for Feishu notifications.
cron_check.py:35
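The two shapes of that call, as an added example rather than cron_check.py's own code (the page shows only the subprocess.run(..., shell=True) line, so the openclaw flag names and the alert text below are assumed for illustration). words_seen_by_shell approximates how /bin/sh tokenizes the string: with shell=True a ';' inside interpolated alert text starts a second command, while the argv form delivers the same text as one argument.

```python
import shlex
import subprocess

# Added example, not code from stock-monitor. The `--channel`/`--text` flags
# are assumed for illustration; the page shows only that cron_check.py runs
# `openclaw message send` through subprocess.run(..., shell=True).


def shell_command(channel, body):
    """The shell=True shape: one string that /bin/sh tokenizes and interprets.
    Every metacharacter in `body` (; | & $( ) etc.) is parsed as shell syntax."""
    return f"openclaw message send --channel {channel} --text {body}"


def argv_command(channel, body):
    """The hardened shape: an argv list handed straight to execve, so `body`
    reaches the CLI as exactly one argument, whatever it contains."""
    return ["openclaw", "message", "send", "--channel", channel, "--text", body]


def quoted_shell_command(channel, body):
    """If shell=True cannot be dropped, shlex.quote() turns each value into a
    single shell word so the shell never interprets `body`'s metacharacters."""
    return (f"openclaw message send --channel {shlex.quote(channel)} "
            f"--text {shlex.quote(body)}")


def words_seen_by_shell(command):
    """Approximate /bin/sh's view of a command string: POSIX tokenizing, with
    ; | & ( ) returned as their own tokens, i.e. where a new command starts."""
    lex = shlex.shlex(command, posix=True, punctuation_chars=True)
    lex.whitespace_split = True
    return list(lex)


class RecordingRunner:
    """Stand-in for subprocess.run for hosts without openclaw: records the
    argv and keyword arguments it was given and returns a fixed status."""

    def __init__(self):
        self.calls = []

    def __call__(self, argv, **kwargs):
        self.calls.append((argv, kwargs))
        return 0


def send_alert(channel, body, runner=subprocess.run):
    """argv form of the page's call: same timeout and encoding, no shell.
    `runner` is injectable so the path can be exercised without openclaw."""
    return runner(argv_command(channel, body), capture_output=True,
                  text=True, encoding="utf-8", timeout=60)


if __name__ == "__main__":
    # Constructed alert text: a stock code and price, followed by what an
    # attacker-influenced name or note field could smuggle into the message.
    body = "600519 crossed 1800; touch /tmp/pwned"
    print(words_seen_by_shell(shell_command("feishu", body)))
    print(words_seen_by_shell(quoted_shell_command("feishu", body)))
    print(argv_command("feishu", body))
```

With the shell string, the tokens after "1800" are ";", "touch", "/tmp/pwned": a second command. With either the argv list or the shlex-quoted string, the whole alert text stays one token.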
Medium
Undeclared filesystem WRITE for daemon persistence (Priv Escalation)
monitor_daemon.py writes its log to ~/.stock_monitor/monitor.log and control.sh creates a PID file at ~/.stock_monitor/monitor.pid, yet SKILL.md declares no filesystem permissions. Both writes stay inside the user's own home directory; the gap is in the declaration, not in where the files land.
log_dir = Path.home() / ".stock_monitor"
log_dir.mkdir(exist_ok=True)
→ Declare filesystem:WRITE in _meta.json to reflect PID and log file creation in the user's home directory.
monitor_daemon.py:16
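A hardened version of the daemon's state handling, written for this page rather than taken from control.sh or monitor_daemon.py. It keeps the page's ~/.stock_monitor/monitor.pid layout but creates the directory 0700, creates the PID file with O_EXCL, treats a recorded PID that is no longer alive as stale, and never deletes a PID file it does not own. The home override, the stale PID 2147483647 and run_scenario are test scaffolding, not part of the tool.

```python
import os
import stat
import tempfile
from pathlib import Path
from typing import Optional

# Added example, not stock-monitor's control.sh or monitor_daemon.py.


def state_dir(home: Optional[Path] = None) -> Path:
    """~/.stock_monitor, private to the user. mkdir(exist_ok=True) leaves a
    pre-existing directory's mode alone, so chmod afterwards as well."""
    d = (home or Path.home()) / ".stock_monitor"
    d.mkdir(mode=0o700, exist_ok=True)
    os.chmod(d, 0o700)
    return d


def pid_alive(pid: int) -> bool:
    """Signal 0 delivers nothing; it only reports whether `pid` exists."""
    try:
        os.kill(pid, 0)
    except ProcessLookupError:
        return False
    except PermissionError:
        return True  # exists but belongs to another user
    return True


def acquire_pidfile(path: Path, pid: Optional[int] = None) -> bool:
    """Create the PID file with O_EXCL so two daemons cannot both believe they
    won. A leftover file whose PID is dead is stale and gets replaced; a live
    PID means another instance is running and we back off."""
    pid = os.getpid() if pid is None else pid
    flags = os.O_WRONLY | os.O_CREAT | os.O_EXCL
    try:
        fd = os.open(path, flags, 0o600)
    except FileExistsError:
        try:
            old = int(path.read_text().strip())
        except (ValueError, FileNotFoundError):
            old = 0
        if old > 0 and pid_alive(old):
            return False
        path.unlink(missing_ok=True)       # stale or unparsable: clear it
        fd = os.open(path, flags, 0o600)   # the retry is still exclusive
    with os.fdopen(fd, "w") as fh:
        fh.write(f"{pid}\n")
    return True


def release_pidfile(path: Path, pid: Optional[int] = None) -> None:
    """Remove the file only if it still records our PID, so an old daemon
    shutting down never deletes a newer daemon's file."""
    pid = os.getpid() if pid is None else pid
    try:
        if int(path.read_text().strip()) == pid:
            path.unlink()
    except (FileNotFoundError, ValueError):
        pass


def run_scenario(home: Optional[Path] = None) -> dict:
    """Exercise the lifecycle in `home` (a temp dir by default) and report."""
    d = state_dir(home or Path(tempfile.mkdtemp()))
    pidfile = d / "monitor.pid"
    out = {"dir_mode": stat.S_IMODE(d.stat().st_mode)}
    out["first"] = acquire_pidfile(pidfile)             # fresh lock
    out["second"] = acquire_pidfile(pidfile, pid=4242)  # our live PID holds it
    release_pidfile(pidfile)
    pidfile.write_text("2147483647\n")                  # constructed stale PID
    out["stale"] = acquire_pidfile(pidfile)             # stale file replaced
    out["recorded_is_self"] = int(pidfile.read_text()) == os.getpid()
    release_pidfile(pidfile, pid=4242)                  # wrong owner: kept
    out["kept_after_wrong_owner"] = pidfile.exists()
    release_pidfile(pidfile)
    out["gone"] = not pidfile.exists()
    return out


if __name__ == "__main__":
    print(run_scenario())
```

The remaining window between unlinking a stale file and re-creating it is narrow but real; a daemon that needs a watertight lock should hold an flock() on the file instead of trusting its contents.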
Low
Undeclared network endpoints (Doc Mismatch)
13 external URLs to Chinese financial-data APIs (Sina Finance, Eastmoney) and AI APIs (Moonshot, DeepSeek) are used but none is declared in SKILL.md. All are legitimate services consistent with the tool's stated purpose; note that one of them, datacenter-web.eastmoney.com, is reached over plain HTTP, so that feed is neither authenticated nor confidential in transit.
https://api.moonshot.cn/v1/chat/completions, https://api.deepseek.com/v1/chat/completions, https://hq.sinajs.cn/list=, https://push2.eastmoney.com/api/qt/stock/kline/get
→ Document all external API endpoints in SKILL.md's declared network permissions.
ai_analyser.py, analyser.py, monitor.py:20
Low
Undeclared environment variable access (Doc Mismatch)
ai_analyser.py reads KIMI_API_KEY from os.environ. The variable is documented in the VERSIONS.md setup instructions but not in the SKILL.md capability declarations.
self.api_key = api_key or os.environ.get("KIMI_API_KEY")
→ Add KIMI_API_KEY to SKILL.md's environment requirements section.
ai_analyser.py:14
Low
Unpinned requests library dependency (Supply Chain)
No requirements.txt exists; monitor.py, ai_analyser.py and analyser.py all import 'requests' with no version constraint, so the tool runs against whatever version happens to be installed, which may be an old release with known vulnerabilities or a future one with breaking changes.
import requests
→ Add a requirements.txt. A floor such as requests>=2.31.0 keeps older releases out, but it is not a pin; predictable resolution needs an exact version (requests==2.31.0) or a lock file, ideally with hashes checked at install time.
ai_analyser.py:5
Info
Placeholder credential pattern in VERSIONS.md (Doc Mismatch)
VERSIONS.md line 29 contains API_KEY='your-kimi-api-key' as a placeholder example. This is a common documentation pattern, so the 'hardcoded API key' IOC raised by the pre-scan is a false positive and should be recorded as non-malicious.
export KIMI_API_KEY="your-kimi-api-key"
→ Replace the placeholder with an unmistakable template such as 'YOUR_KIMI_KEY_HERE' so that credential-scanning tools do not flag it.
VERSIONS.md:29
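A placeholder-aware version of the credential check the pre-scan ran, as an added example and not the scanner's code: an assignment to a KEY/TOKEN/SECRET/PASSWORD variable is reported as a likely secret only when its value is neither a recognised placeholder shape (your-…, …_HERE, ${VAR}, <…>, changeme) nor low-entropy. The sample lines are constructed; the first mirrors the VERSIONS.md:29 line quoted above, and the second carries a made-up random-looking value for contrast.

```python
import math
import re
from collections import Counter

# Added example, not the pre-scan's rule. Assumptions: secret-bearing variable
# names contain KEY/TOKEN/SECRET/PASSWORD, and the placeholder shapes are the
# common documentation conventions listed in PLACEHOLDER_RE.

ASSIGN_RE = re.compile(
    r"(?P<key>[A-Z0-9_]*(?:KEY|TOKEN|SECRET|PASSWORD)[A-Z0-9_]*)\s*=\s*"
    r"[\"']?(?P<val>[^\"'\s]+)[\"']?")
PLACEHOLDER_RE = re.compile(
    r"^(?:<[^>]+>|\$\{[^}]+\}|\{\{[^}]+\}\}|\$[A-Za-z_]+)$"  # <token>, ${VAR}, {{var}}, $VAR
    r"|your[-_]|[-_]here$"                                  # your-kimi-api-key, YOUR_KIMI_KEY_HERE
    r"|^(?:x{3,}|changeme|example|placeholder|dummy|todo|replace[-_]?me)$",
    re.I)


def shannon_entropy(s):
    """Bits per character: roughly 4.7+ for random base62 keys, about 3 for
    English-like words."""
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in Counter(s).values())


def classify_value(value):
    """'placeholder' wins outright; otherwise a value is a 'likely-secret'
    only if it is long, high-entropy and not just lowercase words."""
    if PLACEHOLDER_RE.search(value):
        return "placeholder"
    if (len(value) >= 16 and shannon_entropy(value) >= 3.5
            and not re.fullmatch(r"[a-z-]+", value)):
        return "likely-secret"
    return "unclear"


def scan_lines(lines):
    """(lineno, variable, value, verdict) for every line that assigns a
    secret-looking variable; other lines are ignored."""
    hits = []
    for lineno, line in enumerate(lines, 1):
        m = ASSIGN_RE.search(line)
        if m:
            hits.append((lineno, m.group("key"), m.group("val"),
                         classify_value(m.group("val"))))
    return hits


SAMPLE_LINES = [  # constructed; line 1 mirrors the VERSIONS.md:29 pattern on this page
    'export KIMI_API_KEY="your-kimi-api-key"',
    'export KIMI_API_KEY="sk-9fK2mQ7xLp0aVz8RtC4bYw6nHs3eJd1u"',  # made-up random-looking value
    'DEEPSEEK_TOKEN=${DEEPSEEK_TOKEN}',
    'PASSWORD=changeme',
    'API_KEY="YOUR_KIMI_KEY_HERE"',
    'timeout=60',  # no secret-bearing name: not reported
]

if __name__ == "__main__":
    for hit in scan_lines(SAMPLE_LINES):
        print(hit)
```

The entropy threshold is deliberately loose; the point is that placeholder recognition runs first, so a documented `export KIMI_API_KEY="your-kimi-api-key"` never reaches the High bucket while a real-looking token still does.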
Resource  Declared  Inferred  Status  Evidence
Network READ READ ✓ Aligned SKILL.md describes AI API calls; ai_analyser.py calls moonshot.cn/deepseek.com
Shell NONE WRITE ✗ Violation cron_check.py:18 subprocess with shell=True; control.sh:25 nohup python3 backgro…
Filesystem NONE WRITE ✗ Violation monitor_daemon.py:15 writes to ~/.stock_monitor/monitor.log; control.sh:22 creat…
Environment NONE READ ✗ Violation ai_analyser.py:14 reads KIMI_API_KEY from os.environ.get('KIMI_API_KEY')
Clipboard NONE NONE N/A
Browser NONE NONE N/A
Database NONE NONE N/A
Skill Invoke NONE NONE N/A
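The declared-versus-inferred comparison behind this matrix and the two Doc Mismatch findings above (network endpoints, environment variable), as an added example rather than the scanner's own code. It scans source text for URL hosts, os.environ reads and shell=True calls and diffs them against a declaration set. SAMPLE_SOURCES are constructed fragments modelled on the evidence quoted on this page, not the real files, and DECLARED assumes SKILL.md names only the two AI API hosts, as the Network row states.

```python
import re
from urllib.parse import urlsplit

# Added example, not the scanner's code: a declared-vs-inferred diff over
# constructed source fragments that mirror the evidence quoted on this page.

URL_RE = re.compile(r"https?://[^\s'\"<>)]+")
ENV_RE = re.compile(r"os\.environ(?:\.get\(|\[)\s*['\"]([A-Za-z0-9_]+)['\"]")
SHELL_RE = re.compile(r"subprocess\.\w+\([^)]*shell\s*=\s*True")


def inferred_resources(sources):
    """sources: {filename: text}. Returns hosts contacted, environment keys
    read and shell=True call sites, each mapped to file:line evidence."""
    hosts, env, shell = {}, {}, []
    for name, text in sources.items():
        for lineno, line in enumerate(text.splitlines(), 1):
            where = f"{name}:{lineno}"
            for m in URL_RE.finditer(line):
                hosts.setdefault(urlsplit(m.group()).hostname, []).append(where)
            for m in ENV_RE.finditer(line):
                env.setdefault(m.group(1), []).append(where)
            if SHELL_RE.search(line):
                shell.append(where)
    return {"hosts": hosts, "env": env, "shell": shell}


def declaration_gaps(inferred, declared):
    """Everything the code does that the declaration does not admit to.
    Hosts and env keys are compared as sets; shell is a declared/undeclared
    flag. Parsing SKILL.md into `declared` is left to the caller."""
    return {
        "hosts": {h: w for h, w in inferred["hosts"].items() if h not in declared["hosts"]},
        "env": {k: w for k, w in inferred["env"].items() if k not in declared["env"]},
        "shell": [] if declared["shell"] else inferred["shell"],
    }


SAMPLE_SOURCES = {  # constructed fragments modelled on the quoted evidence
    "ai_analyser.py": "\n".join([
        "import os, requests",
        "KIMI_URL = 'https://api.moonshot.cn/v1/chat/completions'",
        "DEEPSEEK_URL = 'https://api.deepseek.com/v1/chat/completions'",
        "api_key = os.environ.get('KIMI_API_KEY')",
    ]),
    "cron_check.py": "\n".join([
        "import subprocess",
        "cmd = 'openclaw message send ' + body",
        "subprocess.run(cmd, capture_output=True, text=True, encoding='utf-8', timeout=60, shell=True)",
    ]),
    "monitor.py": "\n".join([
        "import requests",
        "quote = requests.get(f'https://hq.sinajs.cn/list={code}', headers=HEADERS)",
    ]),
}

# Assumption taken from the Network row: SKILL.md names the two AI hosts only.
DECLARED = {"hosts": {"api.moonshot.cn", "api.deepseek.com"}, "env": set(), "shell": False}

if __name__ == "__main__":
    for kind, items in declaration_gaps(inferred_resources(SAMPLE_SOURCES), DECLARED).items():
        print(f"{kind}: {items}")
```

Run over the fragments, the gaps are the undeclared quote host (hq.sinajs.cn), the KIMI_API_KEY read and the shell=True call, which is the same shape of result the matrix records as three Violation rows.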
Pre-scan IOCs: 13 findings (1 High)

High    API key (suspected hardcoded credential)  API_KEY="your-kimi-api-key"  VERSIONS.md:29
Medium  External URL  https://api.moonshot.cn/v1/chat/completions  ai_analyser.py:20
Medium  External URL  https://api.deepseek.com/v1/chat/completions  ai_analyser.py:21
Medium  External URL  https://searchapi.eastmoney.com/api/suggest/get  analyser.py:26
Medium  External URL  https://search.sina.com.cn/?q=  analyser.py:49
Medium  External URL  https://quotes.sina.cn/cn/api/quotes.php?symbol=  analyser.py:93
Medium  External URL  https://push2.eastmoney.com/api/qt/stock/get  analyser.py:108
Medium  External URL  http://datacenter-web.eastmoney.com/api/data/v1/get  analyser.py:123
Medium  External URL  https://push2his.eastmoney.com/api/qt/stock/kline/get  monitor.py:110
Medium  External URL  https://hq.sinajs.cn/list=  monitor.py:258
Medium  External URL  https://finance.sina.com.cn  monitor.py:260
Medium  External URL  https://hq.sinajs.cn/list=hf_XAU  monitor.py:299
Medium  External URL  https://emweb.securities.eastmoney.com/PC_HSF10/CompanySurvey/CompanySurveyAjax  monitor.py:496

File Tree

12 files · 72.3 KB · 2046 lines
Python 6 files · 1562 lines; Markdown 3 files · 371 lines; Shell 1 file · 64 lines; JSON 2 files · 49 lines
├─ 📋 _meta.json JSON 5L · 138 B
├─ 🐍 ai_analyser.py Python 259L · 8.0 KB
├─ 🐍 analyser.py Python 249L · 9.2 KB
├─ 🔧 control.sh Shell 64L · 1.9 KB
├─ 🐍 cron_check.py Python 77L · 2.1 KB
├─ 🐍 monitor_daemon.py Python 111L · 3.7 KB
├─ 🐍 monitor.py Python 593L · 26.0 KB
├─ 📋 package.json JSON 44L · 1.0 KB
├─ 📝 README.md Markdown 101L · 2.4 KB
├─ 📝 SKILL.md Markdown 203L · 6.3 KB
├─ 🐍 test_suite.py Python 273L · 9.8 KB
└─ 📝 VERSIONS.md Markdown 67L · 1.6 KB

Dependencies (1 item)

Package  Version  Source  Known Vulns  Notes
requests unpinned implicit import No No requirements.txt; requests imported but version unconstrained

Security Positives

✓ No base64-encoded execution, reverse shell, or C2 communication patterns detected
✓ No access to ~/.ssh, ~/.aws, .env, or other credential storage paths
✓ No curl|bash or wget|sh remote script execution
✓ No data exfiltration channels to unknown external IPs
✓ No prompt injection instructions or jailbreak payloads
✓ No obfuscated code (eval, atob, hex-encoded strings)
✓ No cron or login-time persistence; the only long-running component is the daemon that control.sh starts with nohup, tracked through its PID file
✓ All network traffic goes to legitimate, well-known providers: Chinese financial-data services (Sina, Eastmoney) and AI APIs (Moonshot, DeepSeek)
✓ AI API calls are purpose-appropriate (investment analysis), with the API key read only from environment variables
✓ The subprocess call in cron_check.py invokes only the known openclaw CLI, not arbitrary shell commands; because it runs with shell=True, though, the command string is still parsed by /bin/sh, so any alert text interpolated into it must be shell-quoted (or the call switched to an argv list)