skills/1018466411/openclaw-stock-data-skill/openclaw-stock-skill/Socket

openclaw-stock-skill

Warn

Audited by Socket on Apr 26, 2026

1 alert found:

Security

SecuritySKILL.md

MEDIUM

SecurityMEDIUM

SKILL.md

该技能的核心能力与股票数据查询目的基本匹配，主要风险不在功能本身，而在安装与信任链：它通过第三方 Skills CLI 从未验证归属的 GitHub 仓库进行转移安装，并建议全局复制到所有 agents。密钥流向自建股票数据服务与用途一致，因此更像高风险可疑技能而非确认恶意；但安装来源、广泛部署建议、以及从本地配置读取密钥使其应判为 SUSPICIOUS。

Confidence: 83%Severity: 72%

Audit Metadata

Analyzed At

Apr 26, 2026, 04:19 AM

Package URL

pkg:socket/skills-sh/1018466411%2Fopenclaw-stock-data-skill%2Fopenclaw-stock-skill%2F@a4fb0ba05a1b0091ee35ff1771bc8259af70ac49