Is anotb/open-market-data safe?

https://github.com/openclaw/skills/tree/main/skills/anotb/open-market-data

95
SAFE

The open-market-data skill is a clean, well-structured CLI reference for querying public financial data APIs. It contains no prompt injection attempts, no data exfiltration mechanisms, and no suspicious code execution patterns. All monitored behavior during installation — filesystem, network, and process activity — was consistent with a standard npm package installation, with no canary file tampering detected.

Category Scores

Prompt Injection 95/100 · 30%
Data Exfiltration 95/100 · 25%
Code Execution 90/100 · 20%
Clone Behavior 100/100 · 10%
Canary Integrity 100/100 · 10%
Behavioral Reasoning 90/100 · 5%

Findings (5)

LOW API key exposure via environment variables -5

The skill documents setting API keys via 'export' shell commands and 'omd config set', which would make these keys visible in the agent's environment and shell history. This is standard CLI practice but worth noting as the agent could inadvertently log or expose these values.

LOW Outbound network requests to multiple financial APIs -5

The omd CLI makes outbound HTTPS requests to 8 different financial data providers. While this is the intended and legitimate purpose of the tool, it creates multiple outbound network channels. All destinations are well-known public financial data APIs.

LOW npm package installed from public registry -10

The skill installs the 'open-market-data' npm package globally. While the install monitoring showed no anomalous behavior, npm packages can contain preinstall/postinstall scripts that execute arbitrary code. The package.json evidence was empty, meaning install scripts could not be directly verified from the captured evidence alone.

INFO Unrelated skill reference in lock.json -5

The .clawhub/lock.json file references 'academic-research-hub' skill which is unrelated to open-market-data. This appears to be a build artifact from the skill registry system rather than a dependency or security concern.

INFO Read-only financial data queries with no write capabilities -5

All omd commands are read-only queries against public financial data APIs. The skill does not instruct the agent to make trades, submit orders, or perform any write operations. This significantly limits the potential for harm even if misused.