a-stock-monitor

Pass

Audited by Gen Agent Trust Hub on Feb 27, 2026

Risk Level: SAFE
CREDENTIALS_UNSAFE, COMMAND_EXECUTION, EXTERNAL_DOWNLOADS
Full Analysis
  • [CREDENTIALS_UNSAFE]: The file scripts/web_app.py contains hardcoded default passwords ('admin123', 'dev123', 'view123') and a hardcoded Flask SECRET_KEY. While these are documented as defaults, they present a risk if the dashboard is deployed to a network without modification.
  • [COMMAND_EXECUTION]: The skill's primary automation mechanism, as documented in SKILL.md, relies on the execution of shell commands through scheduled cron jobs (e.g., python3 scripts/smart_market_updater.py). This is a standard feature of the tool but constitutes a local command execution surface.
  • [EXTERNAL_DOWNLOADS]: The skill uses akshare and requests to fetch real-time financial data from external sources like Sina Finance (hq.sinajs.cn). These are well-known financial data providers, and in some instances the requests are made over unencrypted HTTP.
  • [DATA_EXPOSURE]: The database configuration in scripts/stock_cache_db.py uses a hardcoded absolute file path (/Users/jamemei/.openclaw/...) which may lead to execution failures or path disclosure if the skill is moved to a different environment.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Feb 27, 2026, 08:15 AM