Oathe Security Badge

Is robottk/stock-daily-analysis safe?

https://clawhub.ai/robottk/stock-daily-analysis

83 · SAFE

This is a legitimate stock market technical analysis skill that implements standard financial indicators (MACD, RSI, moving averages) and integrates with AI services for investment analysis. The main security concern is that the setup script downloads external code from GitHub, creating potential supply chain risks.

Category Scores

Prompt Injection 92/100 · 30%
Data Exfiltration 85/100 · 25%
Code Execution 70/100 · 20%
Clone Behavior 92/100 · 10%
Canary Integrity 98/100 · 10%
Behavioral Reasoning 77/100 · 5%

Findings (3)

MEDIUM · External Repository Code Download · -25

The setup.sh script downloads and executes code from an external GitHub repository (https://github.com/ZhuLinsen/daily_stock_analysis.git). This creates a supply chain risk if the external repository is compromised or contains malicious code.

LOW · External AI Service API Calls · -15

The skill sends stock technical analysis data to external AI services (DeepSeek, Gemini, OpenAI) for analysis. While this is legitimate functionality, it involves sending data to third-party services.

INFO · Shell Script Execution · -5

The skill includes executable shell scripts (setup.sh, run.sh, update.sh) that perform system operations including git operations and Python execution.