Stock Price Query Skill

Name: stock-price-query
Author: tjefferson

View on ClawHub↗

Share on X Share on LinkedIn Share on Bluesky

100Critical

The stock price query skill is vulnerable to prompt injection,

ThreatsCI SM CS BC S HITL

Behavior Analysis

Description verified — behavior matches claim

Claims to do

Stock Price Query Skill: 实时股票行情与大盘指数查询技能，覆盖 **A 股（沪深两市）**、**港股**、**美股**三大市场。支持**单只查询**和**批量查询**（一次查询多只股票对比），轻量无依赖，无需 API Key，适合聊天场景下的快速股价查询——秒级获取当前价格、涨跌幅、开高低收、成交量等行情数据。

Actually does

This skill executes a Python script (`stock_query.py`) using `python3`. It takes stock codes (single or comma-separated for batch) and an optional market identifier as arguments. The script is designed to query real-time stock data for A-shares, Hong Kong, and US markets, including indices, by contacting unspecified 'free public market APIs' over the network.

Threat Analysis

AI Agent Traps ↗Scanned 4/15/2026

Content InjectionPerception1 finding

Semantic ManipulationReasoningclean

Cognitive StateMemory & Learningclean

Behavioural ControlActionclean

SystemicMulti-Agent Dynamicsclean

Human-in-the-LoopHuman Overseerclean

Skill Info

Nametjefferson/stock-price-query

Registryclawhub

Version1.1.6

PURLpkg:clawhub/tjefferson/stock-price-query@1.1.6

Stars18

Downloads4,527

Installs49

Source

Repository ↗

SHA-256d71c92bab61f...

SHA-119594445931f...

MD5d43653eba92c...

TLSH76024e975894...

ssdeep192:9P99UzEc...

Size8,283 bytes

Install

This skill has been flagged as potentially malicious. Review the findings below before installing.

OpenClawDocs

https://clawhub.ai/tjefferson/stock-price-query

4,527 downloads49 installs

ClawHubDocs

openclaw skills install tjefferson/stock-price-query

Assessments (1)

AI Agent Traps ↗

Prompt Injection Detectedcriticalprompt injection

DeBERTa classifier detected prompt injection (confidence: 0.97)

97% confidence

Badge

Markdown

[![Mondoo Skill Check](https://mondoo.com/ai-agent-security/api/badge/clawhub/tjefferson/stock-price-query.svg)](https://mondoo.com/ai-agent-security/skills/clawhub/tjefferson/stock-price-query)

HTML

<a href="https://mondoo.com/ai-agent-security/skills/clawhub/tjefferson/stock-price-query"><img src="https://mondoo.com/ai-agent-security/api/badge/clawhub/tjefferson/stock-price-query.svg" alt="Mondoo Skill Check" /></a>

Image URL

https://mondoo.com/ai-agent-security/api/badge/clawhub/tjefferson/stock-price-query.svg

Secure your AI agents

Skills can read files, run commands, and access credentials. Mondoo helps organizations manage the security risks of AI agent skills across their entire fleet.

Continuous scanning of skills across all registries
Policy enforcement before skills reach your agents
Integration with your existing security workflow