Oathe Security Badge

Is 77Spongebob/alpha-pulse safe?

https://clawhub.ai/77Spongebob/alpha-pulse

87
SAFE

This appears to be a legitimate Chinese stock market analysis tool for T+1 trading strategies using the akshare library. The skill contains executable Python code but shows no signs of malicious intent, data exfiltration, or prompt injection attacks.

Category Scores

Prompt Injection 85/100 · 30%
Data Exfiltration 90/100 · 25%
Code Execution 75/100 · 20%
Clone Behavior 95/100 · 10%
Canary Integrity 100/100 · 10%
Behavioral Reasoning 80/100 · 5%

Findings (3)

MEDIUM Executable Python Code Present -25

The skill contains executable Python code in scanner.py that imports libraries like akshare, pandas, and numpy for stock market analysis. While the code appears benign, executable code always poses some risk.

LOW User Command Solicitation -15

The skill prompts users to respond with specific commands using Chinese text '继续? ✅ 回复"继续" 或 "custom [需求]"'. This is likely benign user interaction but could potentially be used to guide user behavior.

LOW Language Barrier Risk -20

The skill is entirely in Chinese, which may cause non-Chinese speakers to install functionality they don't fully understand. The skill appears to be for Chinese stock market analysis.