Low risk: risk score 20/100
Last scan: 18 hours ago
stock-monitor
Full-featured intelligent stock monitoring and alert system: Chinese A-share stock monitor with 7 alert rules, AI analysis (Kimi/DeepSeek), and trading signal generation
Legitimate stock monitoring tool with no malicious behavior, but SKILL.md omits shell execution and filesystem write permissions required for daemon operation.
Skill name: stock-monitor
Analysis time: 71.9s
Engine: pi
Verdict: can be installed
Recommendation: Update SKILL.md to declare shell:WRITE (for control.sh daemon management), filesystem:WRITE (for PID/log files at ~/.stock_monitor/), and document the network API endpoints used.

Security findings (6)

Each finding lists severity, title, category, description, evidence, recommendation (→), and location.

[Medium] Shell execution not declared in SKILL.md (Documentation deception)
cron_check.py uses subprocess.run() with shell=True to invoke the 'openclaw message send' CLI. control.sh launches a Python daemon with nohup. SKILL.md lists no allowed-tools entries, leaving these behaviors completely undeclared.
Evidence: subprocess.run(cmd, capture_output=True, text=True, encoding='utf-8', timeout=60, shell=True)
→ Declare shell:WRITE in _meta.json allowed-tools to reflect the openclaw CLI invocation for Feishu notifications.
Location: cron_check.py:35

[Medium] Undeclared filesystem WRITE for daemon persistence (Privilege escalation)
monitor_daemon.py writes logs to ~/.stock_monitor/monitor.log and control.sh creates a PID file at ~/.stock_monitor/monitor.pid. SKILL.md declares no filesystem permissions.
Evidence:
log_dir = Path.home() / ".stock_monitor"
log_dir.mkdir(exist_ok=True)
→ Declare filesystem:WRITE in _meta.json to reflect PID and log file creation in the user's home directory.
Location: monitor_daemon.py:16

[Low] Undeclared network endpoints (Documentation deception)
13 external URLs to Chinese financial APIs (Sina Finance, Eastmoney, Moonshot AI, DeepSeek AI) are used but not declared in SKILL.md. All API calls are legitimate stock-market data services consistent with the tool's stated purpose.
Evidence: https://api.moonshot.cn/v1/chat/completions, https://api.deepseek.com/v1/chat/completions, https://hq.sinajs.cn/list=, https://push2.eastmoney.com/api/qt/stock/kline/get
→ Document all external API endpoints in SKILL.md's declared network permissions.
Location: ai_analyser.py, analyser.py, monitor.py:20

[Low] Undeclared environment variable access (Documentation deception)
ai_analyser.py reads KIMI_API_KEY from os.environ. This is documented in the VERSIONS.md setup instructions but not in the SKILL.md capability declarations.
Evidence: self.api_key = api_key or os.environ.get("KIMI_API_KEY")
→ Add KIMI_API_KEY to SKILL.md's environment requirements section.
Location: ai_analyser.py:14

[Low] Unpinned requests library dependency (Supply chain)
No requirements.txt exists; monitor.py, ai_analyser.py, and analyser.py all import 'requests' with no version constraint. This could resolve to a vulnerable version.
Evidence: import requests
→ Add a requirements.txt pinning requests>=2.31.0 to ensure predictable dependency resolution.
Location: ai_analyser.py:5

[Info] Placeholder credential pattern in VERSIONS.md (Documentation deception)
VERSIONS.md line 29 contains API_KEY='your-kimi-api-key' as a placeholder example. While this is a common documentation pattern, the 'hardcoded API key' IOC flagged by the pre-scan should be noted as non-malicious.
Evidence: export KIMI_API_KEY="your-kimi-api-key"
→ Replace the placeholder with a descriptive example format like 'YOUR_KIMI_KEY_HERE' to avoid triggering credential-scanning tools.
Location: VERSIONS.md:29
Resource type | Declared | Inferred | Status | Evidence
Network access | READ | READ | ✓ Consistent | SKILL.md describes AI API calls; ai_analyser.py calls moonshot.cn/deepseek.com
Command execution | NONE | WRITE | ✗ Exceeds declaration | cron_check.py:18 subprocess with shell=True; control.sh:25 nohup python3 backgro…
Filesystem | NONE | WRITE | ✗ Exceeds declaration | monitor_daemon.py:15 writes to ~/.stock_monitor/monitor.log; control.sh:22 creat…
Environment variables | NONE | READ | ✗ Exceeds declaration | ai_analyser.py:14 reads KIMI_API_KEY from os.environ.get('KIMI_API_KEY')
Clipboard | NONE | NONE | N/A |
Browser | NONE | NONE | N/A |
Database | NONE | NONE | N/A |
Skill invocation | NONE | NONE | N/A |
IOC pre-scan: 1 high-severity, 13 findings

Severity | Type | Description | Value | Location
High | API key | Suspected hardcoded credential | API_KEY="your-kimi-api-key" | VERSIONS.md:29
Medium | External URL | External URL | https://api.moonshot.cn/v1/chat/completions | ai_analyser.py:20
Medium | External URL | External URL | https://api.deepseek.com/v1/chat/completions | ai_analyser.py:21
Medium | External URL | External URL | https://searchapi.eastmoney.com/api/suggest/get | analyser.py:26
Medium | External URL | External URL | https://search.sina.com.cn/?q= | analyser.py:49
Medium | External URL | External URL | https://quotes.sina.cn/cn/api/quotes.php?symbol= | analyser.py:93
Medium | External URL | External URL | https://push2.eastmoney.com/api/qt/stock/get | analyser.py:108
Medium | External URL | External URL | http://datacenter-web.eastmoney.com/api/data/v1/get | analyser.py:123
Medium | External URL | External URL | https://push2his.eastmoney.com/api/qt/stock/kline/get | monitor.py:110
Medium | External URL | External URL | https://hq.sinajs.cn/list= | monitor.py:258
Medium | External URL | External URL | https://finance.sina.com.cn | monitor.py:260
Medium | External URL | External URL | https://hq.sinajs.cn/list=hf_XAU | monitor.py:299
Medium | External URL | External URL | https://emweb.securities.eastmoney.com/PC_HSF10/CompanySurvey/CompanySurveyAjax | monitor.py:496

Directory structure

12 files · 72.3 KB · 2046 lines
Python 6 files · 1562 lines | Markdown 3 files · 371 lines | Shell 1 file · 64 lines | JSON 2 files · 49 lines
├─ _meta.json (JSON) 5 lines · 138 B
├─ ai_analyser.py (Python) 259 lines · 8.0 KB
├─ analyser.py (Python) 249 lines · 9.2 KB
├─ control.sh (Shell) 64 lines · 1.9 KB
├─ cron_check.py (Python) 77 lines · 2.1 KB
├─ monitor_daemon.py (Python) 111 lines · 3.7 KB
├─ monitor.py (Python) 593 lines · 26.0 KB
├─ package.json (JSON) 44 lines · 1.0 KB
├─ README.md (Markdown) 101 lines · 2.4 KB
├─ SKILL.md (Markdown) 203 lines · 6.3 KB
├─ test_suite.py (Python) 273 lines · 9.8 KB
└─ VERSIONS.md (Markdown) 67 lines · 1.6 KB

Dependency analysis (1)

Package | Version | Source | Known vulnerabilities | Notes
requests | unpinned | implicit import | | No requirements.txt; requests imported but version unconstrained

Security highlights

✓ No base64-encoded execution, reverse shell, or C2 communication patterns detected
✓ No access to ~/.ssh, ~/.aws, .env, or other credential storage paths
✓ No curl|bash or wget|sh remote script execution
✓ No data exfiltration channels to unknown external IPs
✓ No prompt injection instructions or jailbreak payloads
✓ No obfuscated code (eval, atob, hex-encoded strings)
✓ No cron persistence mechanisms beyond the control script's PID file
✓ All network traffic goes to legitimate, well-known Chinese financial data providers (Sina, Eastmoney, Moonshot, DeepSeek)
✓ AI API calls are purpose-appropriate (investment analysis), with the API key read only from environment variables
✓ The subprocess call in cron_check.py is limited to invoking the known openclaw CLI tool, not arbitrary shell commands