Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Tvscreener

v1.0.0

Query TradingView screener data for HK, A-share, A-share ETF, and US symbols with deepentropy/tvscreener. Use for stock lookup, technical indicators (price/change/RSI/MACD/volume), symbol filtering, and custom field/filter-based market queries.

⭐ 0· 1.4k·5 current·5 all-time

by@subway-chenyan

MIT-0

Download zip

LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.

Security Scan

VirusTotal

Suspicious

View report →

OpenClaw

Benign

high confidence

✓

Purpose & Capability

Name/description match the bundled scripts and references: all code imports and uses the tvscreener package to query markets/fields/filters. There are no unrelated binaries, credentials, or config paths requested.

✓

Instruction Scope

SKILL.md tells the user to pip-install tvscreener and run the provided scripts. The scripts only call the tvscreener API, perform local dataframe/CSV I/O, and parse CLI arguments—there are no instructions to read unrelated system files or transmit data to unexpected endpoints. Note: the tvscreener library itself will make network calls to fetch screener data (expected behavior).

ℹ

Install Mechanism

There is no platform-level install spec in the registry, but SKILL.md and the shell scripts call `python3 -m pip install -U tvscreener`. This is a standard PyPI installation (moderate trust surface). The skill does not download code from arbitrary URLs or include extract/install of unknown archives.

✓

Credentials

The skill declares no required environment variables, no credentials, and no config paths. The scripts do not read environment variables beyond optional PYTHON_BIN in the shell wrappers. This is proportionate for a read-only data-querying tool.

✓

Persistence & Privilege

The skill is not always-enabled, does not request elevated or persistent system privileges, and does not modify other skills or global agent configuration. It only installs a Python dependency into the user's environment when run (via pip).

Assessment

This skill appears coherent and only depends on the public tvscreener package. Before installing/running: (1) confirm you trust the tvscreener PyPI package (review its PyPI/project page and recent releases), since the scripts will pip-install it and it will make network requests to retrieve data; (2) avoid running the pip install as root or in environments containing other critical software—use a dedicated virtualenv/venv; (3) the scripts can write CSVs to paths you pass with --csv—avoid supplying sensitive filesystem locations; (4) no credentials are required by the skill itself, but be mindful of your environment (don't run in a container/session that already holds sensitive API tokens). If you want further assurance, inspect the tvscreener package source on PyPI/GitHub before installing.

Like a lobster shell, security has layers — review code before you run it.

latestvk97063azx4332zv9vznpmr518n80ye69

License

MIT-0

Free to use, modify, and redistribute. No attribution required.

Termshttps://spdx.org/licenses/MIT-0.html

Tvscreener

License

Comments