Is us-stock-analysis safe?
https://clawhub.ai/Veeramanikandanr48/us-stock-analysis
This is a pure-markdown instructional skill for US stock analysis containing no executable code, no external dependencies, no hidden instructions, and no data exfiltration vectors. All files are documentation: a SKILL.md workflow guide and four reference files covering financial metrics, technical analysis, fundamental analysis, and report templates. The filesystem monitoring events showing sensitive file reads (.env, .aws/credentials) are attributable to the OpenClaw platform runtime during installation, not to the skill itself. Canary files remained fully intact.
Findings (7)
LOW Directive workflow instructions -8
The SKILL.md uses imperative language directing agent behavior ('Always use web search tools', 'Read references/...md for analytical framework'). While this is standard skill authoring practice and necessary for the skill to function, it does establish behavioral patterns the agent will follow. No malicious intent detected.
LOW Broad search instruction scope -5
The skill instructs the agent to search for earnings reports, investor presentations, SEC filings, and data from multiple financial websites. While entirely appropriate for stock analysis, this grants the skill influence over the agent's web browsing behavior.
LOW Investment recommendation generation -5
The skill instructs the agent to generate Buy/Hold/Sell recommendations with conviction levels and target prices. While not a security concern per se, this could create liability if users treat AI-generated recommendations as professional financial advice.
INFO Platform runtime reads sensitive files during install -15
The OpenClaw platform runtime (not the skill itself) read .env, .aws/credentials, and platform configuration files during the installation process. This is attributable to the platform's gateway/installer process, not to the skill's content. The skill contains no executable code that could trigger these reads.
INFO JIT compilation artifacts in /tmp -10
Multiple .cjs files were created in /tmp/jiti/ during installation. These are JIT-compiled modules from the OpenClaw platform runtime (memory-core, plugin-sdk, channels-registry, etc.), not from the skill itself.
INFO Theoretical web-search side-channel in skill composition -12
The skill's heavy reliance on web searches could theoretically be exploited if combined with a malicious skill that injects sensitive data into search queries. This is a generic risk applicable to any web-search-using skill and is not specific to this skill's design.
INFO No financial disclaimer included -10
The skill generates investment recommendations without including a disclaimer that this is not professional financial advice. While not a security vulnerability, it could expose users to financial risk.