Oathe Security Badge

Is kys42/stock-info-explorer safe?

https://github.com/openclaw/skills/tree/main/skills/kys42/stock-info-explorer

88
SAFE

stock-info-explorer is a well-scoped, legitimate financial analysis skill that fetches OHLCV data from Yahoo Finance and renders charts and indicator summaries locally. The SKILL.md contains no prompt injection, the Python code performs only documented stock-data operations, all canary honeypots were intact post-installation, and the install process made no unexpected network connections. The only non-trivial risk is the standard PyPI supply chain exposure introduced by uv's runtime package installation, which is inherent to the tool's architecture rather than indicative of malicious intent.

Category Scores

Prompt Injection 95/100 · 30%
Data Exfiltration 85/100 · 25%
Code Execution 80/100 · 20%
Clone Behavior 93/100 · 10%
Canary Integrity 95/100 · 10%
Behavioral Reasoning 82/100 · 5%

Findings (4)

LOW · PyPI supply chain delegation via uv inline dependencies · -15

The skill defers trust to six PyPI packages fetched at runtime. While all are reputable (yfinance is the de facto Python Yahoo Finance library; the rest are standard data/visualization packages), this pattern means that if any of these packages were compromised in the future, its code would execute silently within the agent context.

LOW · Outbound HTTPS to Yahoo Finance on every invocation · -8

Every command in the skill causes the Python script to call Yahoo Finance APIs. This is documented and expected, but means the agent will always make external network calls when this skill is active, which may be undesirable in air-gapped or strict egress environments.

INFO · Network connections during install match expected GitHub and Canonical infrastructure · 0

All install-phase TCP connections went to GitHub (140.82.113.3) for the sparse clone and Canonical (185.125.188.58, 185.125.190.18) for Ubuntu package metadata. No unexpected third-party endpoints were contacted during installation.

INFO · Credential file access events are audit-framework reads, not skill exfiltration · 0

Two rounds of opens on .env, .ssh/id_rsa, .aws/credentials, .npmrc, .docker/config.json, and .gcloud/credentials appear in the auditd log. The first round (timestamp ~1771956262) predates the git clone by five seconds and is the Oathe framework establishing canary baselines. The second round (~1771956278) follows the post-install source collection phase and is the framework's integrity verification pass. All files remained unmodified.