Oathe Security Badge

Is assix/earnings-financials-agent safe?

https://clawhub.ai/assix/earnings-financials-agent

92
SAFE

This skill appears to be a legitimate financial analysis tool that uses the yfinance library to fetch earnings and financial data for stock tickers. The code is clean and limited in scope, with no evidence of malicious behavior, data exfiltration, or prompt injection attempts.

Category Scores

Prompt Injection 95/100 · 30%
Data Exfiltration 95/100 · 25%
Code Execution 80/100 · 20%
Clone Behavior 95/100 · 10%
Canary Integrity 100/100 · 10%
Behavioral Reasoning 85/100 · 5%

Findings (3)

LOW Network requests could reveal user interests -5

The skill makes legitimate network requests through yfinance to fetch financial data, but these requests could reveal to external financial data services which stocks or companies the user is researching.

INFO Executable Python code with external dependency -20

The skill contains Python code that requires the yfinance library to be installed. While the code appears clean and limited to financial data operations, any executable code presents inherent security considerations.

LOW Privacy implications from financial data requests -15

While functionally legitimate, the skill's network requests to financial APIs could create privacy concerns by revealing user research patterns to third-party services.