Oathe Security Badge

Is stanleychanh/tushare-finance safe?

https://clawhub.ai/stanleychanh/tushare-finance

92
SAFE

This skill provides legitimate access to Chinese financial market data through the Tushare Pro API. The code is well-structured Python for financial data access with no malicious patterns detected. All monitoring indicators show normal behavior with no security violations.

Category Scores

Prompt Injection 95/100 · 30%
Data Exfiltration 90/100 · 25%
Code Execution 85/100 · 20%
Clone Behavior 95/100 · 10%
Canary Integrity 100/100 · 10%
Behavioral Reasoning 90/100 · 5%

Findings (3)

INFO Python execution permissions requested -5

The skill requests Bash(python:*) permissions to execute Python code for financial data access. This is appropriate for the skill's intended functionality but represents elevated privileges.

INFO External service registration guidance -10

The skill instructs users to register with Tushare Pro (https://tushare.pro) to obtain API tokens. This is legitimate for the financial data service but involves external account creation.

LOW Dependency installation instructions -10

The skill provides instructions to install Python packages (tushare, pandas) which could potentially be exploited if package names were compromised, though these are legitimate packages.