Noah Stock Market

Name: noah-stock-market
Author: xuyun9160-lgtm

View on ClawHub↗

Share on X Share on LinkedIn Share on Bluesky

100Critical

The skill is vulnerable to prompt injection, exposes internal

ThreatsCI SM CS BC S HITL

Behavior Analysis

Description verified — behavior matches claim

Claims to do

Noah Stock Market: 港股 / 美股只读市场数据 skill。通过公司内部证券 Open API 获取市场数据，并将原始结果整理成适合聊天场景阅读的结构化摘要。

Actually does

The skill executes Python scripts (`run_query.py`, `route_query.py`) to query market data for Hong Kong and US stocks. It retrieves an API key and base URL from `~/.openclaw/.secrets/noah-market.env` and contacts `https://securities-open-api.noahgroup.com`. It supports various read-only queries like stock snapshots, K-lines, capital flow, and financial data, using parameters defined in local YAML files.

Threat Analysis

AI Agent Traps ↗Scanned 4/17/2026

Content InjectionPerception1 finding

Semantic ManipulationReasoningclean

Cognitive StateMemory & Learning1 finding

Behavioural ControlAction3 findings

SystemicMulti-Agent Dynamicsclean

Human-in-the-LoopHuman Overseer1 finding

Skill Info

Namexuyun9160-lgtm/noah-stock-market

Registryclawhub

Version1.2.4

PURLpkg:clawhub/xuyun9160-lgtm/noah-stock-market@1.2.4

Downloads122

Source

Repository ↗

SHA-256e226793dc5f1...

SHA-17dc47d60a055...

MD53c817d56dc0d...

TLSH22e1c7ac1c28...

ssdeep192:pkmuaA8I...

Size7,023 bytes

Install

This skill has been flagged as potentially malicious. Review the findings below before installing.

OpenClawDocs

https://clawhub.ai/xuyun9160-lgtm/noah-stock-market

122 downloads

ClawHubDocs

openclaw skills install xuyun9160-lgtm/noah-stock-market

Assessments (4)

AI Agent Traps ↗

Prompt Injection Detectedcriticalprompt injection

DeBERTa classifier detected prompt injection (confidence: 1.00)

100% confidence

Command Execution via Python Scripthighcommand execution

The skill directly executes Python scripts (`scripts/run_query.py`) with user-controlled arguments. While enum validation is specified, the underlying script's robustness against shell injection or argument injection is critical and not guaranteed by this skill definition alone.

90% confidenceline 100

python3 scripts/run_query.py snapshot HK-00700
python3 scripts/run_query.py kline HK-00700 num=10 ktype=K_DAY

Supply Chain Risk via External Skill Filesmediumsupply chain

The skill relies on external files (`references/*.md`, `openapi.yaml`, `enum.yaml`, `entity.yaml`, `scripts/*.py`) for its logic and validation. Compromise or manipulation of these files during deployment or runtime could subvert the skill's intended behavior and security controls.

80% confidenceline 90

`references/openapi.yaml`、`references/enum.yaml`、`references/entity.yaml` 是本 skill 的协议源文件。`scripts/run_query.py`

Configurable API Base URL for External Callsmediumdata exfiltration

The `NOAH_API_BASE_URL` is configurable via `~/.openclaw/.secrets/noah-market.env`. If an attacker can compromise the host environment and modify this file, they could redirect API calls to an attacker-controlled server, potentially leading to data exfiltration or other malicious actions.

70% confidenceline 26

NOAH_API_BASE_URL=https://securities-open-api.noahgroup.com

Information Leakage in Development Modehighsocial engineering

The '开发模式' (Development Mode) explicitly allows the agent to expose internal details like request parameters, return structures, and implementation logic. An attacker could social engineer the agent into this mode to extract sensitive information, potentially aiding further attacks.

90% confidenceline 145

当用户在开发、调试、设计或排查这个 skill 时，可以说明：- 使用了哪个接口 - 请求参数 - 返回结构 - 当前实现逻辑与已知问题

RAG Poisoning Vector via Reference Fileslowrag poisoning

The agent is instructed to read various `references/*.md` files based on user intent. If these reference files themselves are compromised or contain malicious instructions, they could poison the agent's knowledge base or influence its reasoning.

60% confidenceline 60

先读取 `references/auth-and-preflight.md`，确认 API 配置与 token 读取方式。再根据用户意图，按需读取对应 reference

Badge

Markdown

[![Mondoo Skill Check](https://mondoo.com/ai-agent-security/api/badge/clawhub/xuyun9160-lgtm/noah-stock-market.svg)](https://mondoo.com/ai-agent-security/skills/clawhub/xuyun9160-lgtm/noah-stock-market)

HTML

<a href="https://mondoo.com/ai-agent-security/skills/clawhub/xuyun9160-lgtm/noah-stock-market"><img src="https://mondoo.com/ai-agent-security/api/badge/clawhub/xuyun9160-lgtm/noah-stock-market.svg" alt="Mondoo Skill Check" /></a>

Image URL

https://mondoo.com/ai-agent-security/api/badge/clawhub/xuyun9160-lgtm/noah-stock-market.svg

Secure your AI agents

Skills can read files, run commands, and access credentials. Mondoo helps organizations manage the security risks of AI agent skills across their entire fleet.

Continuous scanning of skills across all registries
Policy enforcement before skills reach your agents
Integration with your existing security workflow