Skill Trust Decision

oracle-report

Skill contains multiple hardcoded API credentials that should use environment variables, creating significant credential exposure risk through source code visibility and process argument logging.

Source: Manual upload · Scanned: Apr 4, 2026
Files: 3 · Artifacts: 21 · Violations: 1 · Findings: 1
Most direct threat evidence

01 Hardcoded credentials visible in source code (Reconnaissance · scripts/oracle_report_generator.py)
02 Credentials passed as subprocess arguments, visible in process listings (Credential Access · scripts/oracle_report_generator.py)
03 Attacker with repo access or process listing visibility can steal API keys (Impact · N/A)

Why this conclusion was reached

3/4 dimensions flagged

Block · Declared vs actual capability
1 undeclared or violating capability was inferred.

Block · Hidden execution and egress
4 high-risk artifacts or egress signals were extracted.

Block · Attack chain and severe findings
The report includes 3 attack-chain steps and 1 severe finding.

Pass · Dependencies and supply chain hygiene
Dependencies are present, but no obvious high-risk issue stands out.

Attack Chain

01 Hardcoded credentials visible in source code
   Reconnaissance · scripts/oracle_report_generator.py:114

02 Credentials passed as subprocess arguments, visible in process listings
   Credential Access · scripts/oracle_report_generator.py:340

03 Attacker with repo access or process listing visibility can steal API keys
   Impact · N/A

What drove the risk score up

Hardcoded API credentials (+25): 4 API keys hardcoded in source: QVERIS_API_KEY, MX_APIKEY, TUSHARE_TOKEN, FINNHUB_API_KEY

Undeclared shell execution (+10): SKILL.md does not declare subprocess usage with embedded credentials

Credential exposure through process args (+10): API keys passed as command-line arguments to subprocess, visible in process listings

Most important evidence

High · Credential Theft · Hardcoded QVeris API Key

QVERIS_API_KEY is hardcoded as 'sk-TR53nxR09FDDTyjRATrS0lHi5yT0E3SI3U2NU2JBHT0' at line 114. It should be read from an environment variable, as declared in the SKILL.md requires section.

scripts/oracle_report_generator.py:114
Replace with: QVERIS_API_KEY = os.environ.get('QVERIS_API_KEY', '')

Declared capability vs actual capability

Capability | Verdict | Declared | Inferred | Evidence
Filesystem | Pass    | NONE     | WRITE    | SKILL.md: save report to workspace
Network    | Pass    | NONE     | READ     | SKILL.md: data sources declared
Shell      | Block   | NONE     | WRITE    | scripts/oracle_report_generator.py: subprocess.run commands not declared

Suspicious artifacts and egress

Critical · API Key · scripts/oracle_report_generator.py:114
sk-TR53nxR09FDDTyjRATrS0lHi5yT0E3SI3U2NU2JBHT0

High · API Key · scripts/oracle_report_generator.py:114
API_KEY = "sk-TR53nxR09FDDTyjRATrS0lHi5yT0E3SI3U2NU2JBHT0"

High · API Key · scripts/oracle_report_generator.py:123
APIKEY = "mkt_RyCLYiWKZNRjp-GYkkT4VhDlb9l94muesZydiL7KMXM"

High · API Key · scripts/oracle_report_generator.py:125
API_KEY = "d71s571r01qpd27931ggd71s571r01qpd27931h0"

Medium · External URL · scripts/oracle_report_generator.py:291
http://qt.gtimg.cn/q=

Medium · External URL · scripts/oracle_report_generator.py:354
https://finance.sina.com.cn

Medium · External URL · scripts/oracle_report_generator.py:364
https://hq.sinajs.cn/list=

Medium · External URL · scripts/oracle_report_generator.py:544
http://qt.gtimg.cn/q=sh000001

Medium · External URL · scripts/oracle_report_generator.py:622
https://mkapi2.dfcfs.com/finskillshub/api/claw/query

Medium · External URL · scripts/oracle_report_generator.py:1212
http://hq.sinajs.cn/list=fx_susdcny

Medium · External URL · scripts/oracle_report_generator.py:1340
http://qt.gtimg.cn/q=r_hkHSI

Medium · External URL · scripts/oracle_report_generator.py:1498
https://fred.stlouisfed.org/graph/fredgraph.csv?id=DGS30&cosd=

Dependencies and supply chain

Package  | Version    | Source | Known vuln | Notes
akshare  | not pinned | pip    | No         | Version not specified in code, no requirements.txt
requests | not pinned | pip    | No         | Used for HTTP requests
urllib   | stdlib     | python | No         | Standard library

File composition

3 files · 4296 lines
Python: 1 file · 4094 lines · Markdown: 1 file · 185 lines · JSON: 1 file · 17 lines
Files of concern · 1
scripts/oracle_report_generator.py (Python · 4094 lines)
Hardcoded QVeris API Key · sk-TR53nxR09FDDTyjRATrS0lHi5yT0E3SI3U2NU2JBHT0 · API_KEY = "sk-TR53nxR09FDDTyjRATrS0lHi5yT0E3SI3U2NU2JBHT0" · APIKEY = "mkt_RyCLYiWKZNRjp-GYkkT4VhDlb9l94muesZydiL7KMXM" · API_KEY = "d71s571r01qpd27931ggd71s571r01qpd27931h0" · http://qt.gtimg.cn/q= · https://finance.sina.com.cn · https://hq.sinajs.cn/list= · http://qt.gtimg.cn/q=sh000001 · https://mkapi2.dfcfs.com/finskillshub/api/claw/query · http://hq.sinajs.cn/list=fx_susdcny · http://qt.gtimg.cn/q=r_hkHSI · https://fred.stlouisfed.org/graph/fredgraph.csv?id=DGS30&cosd= · http://hq.sinajs.cn/list=nf_AU0 · https://finance.sina.com.cn/futuremarket/quotes/au.html · https://push2.eastmoney.com/api/qt/clist/get?pn=1&pz=50&po=1&np=1&ut=bd1d9ddb01984300aa256e6293924598&fltt=2&invt=2&fid=f3&fs=m:118&fields=f12 · http://hq.sinajs.cn/list=hf_CL · http://hq.sinajs.cn/list=nf_SC0 · https://datacenter-web.eastmoney.com/api/data/v1/get?reportName=RPT_MARGIN_FINANCE&columns=ALL&filter=&pageSize=1&pageNumber=1&sortColumns=TRADE_DATE&sortTypes=-1 · http://vip.stock.finance.sina.com.cn/quotes_service/api/json_v2.php/Market_Center.getHQNodeData?page=1&num=6000&sort=changepercent&asc=0&node=hs_a&_s_r_a=page · http://push2.eastmoney.com/api/qt/clist/get?pn=1&pz=6000&po=1&fid=f3&fs=m:0+t:6 · https://push2.eastmoney.com/api/qt/stock/fflow/kline/get?secid=1.000001&fields1=f1
Other files · SKILL.md · _meta.json

Security positives

Financial data fetching is legitimate and declared in SKILL.md data sources
No evidence of credential exfiltration or data theft to external C2 servers
Uses standard financial data APIs (Tencent, Sina, AKShare, Eastmoney, FRED)
Report generation and file saving behavior aligns with documented functionality