Skill Trust Decision

vnstock-env-setup

Confirmed malicious: credential theft combined with curl|bash remote code execution allows arbitrary code injection at any time.

Install decision first
Source: Manual upload
Scanned: Apr 5, 2026
Files 3
Artifacts 9
Violations 4
Findings 6
Why this conclusion was reached

3/4 dimensions flagged
Block
Declared vs actual capability

4 undeclared or violating capabilities were inferred.

Block
Hidden execution and egress

4 high-risk artifacts or egress signals were extracted.

Block
Attack chain and severe findings

The report includes 5 attack-chain steps and 5 severe findings.

Review
Dependencies and supply chain hygiene

2 dependency or supply-chain issues need attention.

Attack Chain

01
Skill presents as legitimate 'Vnstock Environment Setup' tool

Entry · SKILL.md:1

02
User provides Sponsor-tier API key during setup

social_engineering · SKILL.md:129

03
API key transmitted to external server via --api-key parameter

credential_theft · SKILL.md:129

04
Remote script downloaded and piped to bash for execution

Escalation · SKILL.md:132

05
Attacker can modify vnstock-cli-installer.run at any time to inject arbitrary code with user privileges

Impact · SKILL.md:132

What drove the risk score up

API key exfiltration to external server +35

User-provided API keys are passed to https://vnstocks.com/files/vnstock-cli-installer.run

curl|bash remote code execution +35

SKILL.md lines 32, 129 and 132 pipe a remote script directly to bash, so the attacker can inject arbitrary code at any time

Credential theft with remote execution +20

Under the scoring rules, the combination of credential theft and RCE is treated as nearly conclusive evidence of maliciousness

External requirements.txt without verification +10

pip install -r https://vnstocks.com/files/requirements.txt has no hash pinning

Undeclared behavior +8

SKILL.md does not disclose that API keys are sent to external servers

Most important evidence

Critical Credential Theft

API keys sent to external server vnstocks.com

The skill instructs the AI to accept user API keys and pass them to the remotely-fetched installer script at https://vnstocks.com/files/vnstock-cli-installer.run via --api-key parameter. This means all sponsor-tier API keys are transmitted to an external server.

SKILL.md:129
Never pass credentials to externally-hosted scripts. Use official PyPI packages with verified hashes instead.
Critical RCE

curl|bash remote code execution pattern

SKILL.md instructs execution of 'curl URL | bash' which downloads and executes arbitrary code from vnstocks.com. The server can modify the response at any time to inject malicious code, creating a persistent backdoor.

SKILL.md:132
Never use curl|bash patterns. Download scripts first, inspect source, verify hashes, then execute locally.
Critical Supply Chain

Unverified external requirements.txt

pip install -r https://vnstocks.com/files/requirements.txt downloads dependencies from an external URL with no version pinning, hash verification, or integrity checks. The remote file can be modified at any time.

SKILL.md:30
Use only PyPI-hosted packages with pinned versions and hash verification.
High Doc Mismatch

Undeclared credential transmission

SKILL.md describes this as a 'diagnostics and setup' skill but never discloses that user API keys are transmitted to vnstocks.com. The documentation only mentions 'API key' in the install command context.

SKILL.md:1
All credential transmissions must be explicitly documented with clear warnings.
High Sensitive Access

Filesystem overwrite without proper confirmation

setup_agent_guide.py overwrites AGENTS.md, CLAUDE.md, entire docs/ directory, and copies/deletes skills directories. Git config is modified with hardcoded email '[email protected]'.

scripts/setup_agent_guide.py:67
Document all filesystem modifications. Require explicit user consent for overwriting user files.
Medium Priv Escalation

Attempts to install git with elevated privileges

check_and_install_git() attempts 'sudo apt-get install -y git' on Linux and downloads/runs an installer executable on Windows.

scripts/setup_agent_guide.py:30
Document elevated permission requirements. Prefer user-managed installations over automated sudo.

Declared capability vs actual capability

Shell Block
Declared NONE
Inferred WRITE
SKILL.md:32 curl|bash pattern
Network Block
Declared NONE
Inferred WRITE
SKILL.md:32 POSTs API key to vnstocks.com
Filesystem Block
Declared NONE
Inferred WRITE
setup_agent_guide.py:67-91 shutil.copytree/rmtree
Environment Block
Declared NONE
Inferred READ
diagnostics.py:16 checks VIRTUAL_ENV, CONDA_PREFIX

Suspicious artifacts and egress

Critical Dangerous Command
wget -qO- https://vnstocks.com/files/vnstock-cli-installer.run \| bash

SKILL.md:32

Critical Dangerous Command
curl -fsSL https://vnstocks.com/files/vnstock-cli-installer.run \| bash

SKILL.md:32

Critical Dangerous Command
wget -qO- https://vnstocks.com/files/vnstock-cli-installer.run | bash

SKILL.md:129

Critical Dangerous Command
curl -fsSL https://vnstocks.com/files/vnstock-cli-installer.run | bash

SKILL.md:132

Medium External URL
https://vnstocks.com/files/requirements.txt

SKILL.md:30

Medium External URL
https://vnstocks.com/files/vnstock-cli-installer.run

SKILL.md:32

Medium External URL
https://vnstocks.com/files/requirements.txt;

SKILL.md:32

Medium External URL
https://vnstocks.com/api/simple

SKILL.md:32

Info Email
[email protected]

scripts/setup_agent_guide.py:44

Dependencies and supply chain

Package · Version · Source · Known vuln · Notes
vnstocks.com/files/requirements.txt · * · external URL · Yes · No version pinning, no hash verification, fetched from external server
vnstock-cli-installer.run · unknown · external URL · Yes · Remote script piped to bash - can be modified at any time to inject malicious code

File composition

3 files · 324 lines
Python 2 files · 173 lines
Markdown 1 file · 151 lines
Files of concern · 2
SKILL.md Markdown · 151 lines
API keys sent to external server vnstocks.com · curl|bash remote code execution pattern · Unverified external requirements.txt · Undeclared credential transmission · wget -qO- https://vnstocks.com/files/vnstock-cli-installer.run \| bash · curl -fsSL https://vnstocks.com/files/vnstock-cli-installer.run \| bash · wget -qO- https://vnstocks.com/files/vnstock-cli-installer.run | bash · curl -fsSL https://vnstocks.com/files/vnstock-cli-installer.run | bash · https://vnstocks.com/files/requirements.txt · https://vnstocks.com/files/vnstock-cli-installer.run · https://vnstocks.com/files/requirements.txt; · https://vnstocks.com/api/simple
scripts/setup_agent_guide.py Python · 119 lines
Filesystem overwrite without proper confirmation · Attempts to install git with elevated privileges · [email protected]
Other files · diagnostics.py

Security positives

Uses virtual environment as documented best practice
Provides diagnostic checks before making changes
Checks for git backup before installation
Asks user permission before overwriting docs/ directory