ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Yahoo Finance

Get stock prices, quotes, fundamentals, earnings, options, dividends, and analyst ratings using Yahoo Finance. Uses yfinance library - no API key required.

MIT-0 · Free to use, modify, and redistribute. No attribution required.
37 · 15.4k · 141 current installs · 148 all-time installs
by@ajanraj
MIT-0
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Suspicious
medium confidence
Purpose & Capability
The stated purpose (fetching Yahoo Finance data via yfinance) matches the libraries referenced (yfinance, rich). However the SKILL.md expects a local executable 'yf' under /path/to/skills/yahoo-finance/ which is not present in the package manifest (no code files). Requiring the 'uv' package manager is heavier than necessary for a simple yfinance script and is not justified by the description.
!
Instruction Scope
Instructions tell the user to run remote installation commands (curl https://astral.sh/uv/install.sh | sh or powershell invoke-expression), chmod and symlink a 'yf' binary into /usr/local/bin, and restart shells. Those steps grant the installer broad discretion (download-and-execute) and modify system paths. The skill's docs also assume files that are not bundled, which is a functional/integrity mismatch.
!
Install Mechanism
There is no formal install spec in registry metadata, but SKILL.md recommends installing 'uv' via a remote install script (curl | sh) from astral.sh. Download-and-execute from an external URL is a high-risk install pattern unless you inspect the script beforehand. The docs also suggest multiple install methods (curl installer, homebrew, pip) which is inconsistent but not necessarily malicious.
Credentials
The skill declares no required environment variables, credentials, or config paths and the instructions do not request secrets. That is proportionate to the stated purpose.
Persistence & Privilege
The skill does not request 'always: true' and is user-invocable only. However the suggested install steps (symlinking /usr/local/bin/yf) modify system-wide PATH and require filesystem privileges — this is expected for a CLI but worth noting because it makes the system-wide impact larger if the installed components are untrusted.
What to consider before installing
Things to consider before installing: - The skill package contains no executable or script named 'yf' yet the README instructs you to chmod and symlink one. Ask the publisher to provide the 'yf' script or include code in the package. - The SKILL.md recommends installing 'uv' by piping a remote install script (curl https://astral.sh/uv/install.sh | sh). Download-and-execute of remote scripts can run arbitrary code on your machine — do not run it without inspecting the script and trusting the host. - Safer alternatives: create a Python virtualenv and pip install yfinance and rich yourself (pip install yfinance rich), then implement or review any wrapper script locally. Prefer installing from well-known package channels (pip, homebrew) rather than unknown remote installers. - If you must use the provided installer, inspect the install script content first (curl -sL https://astral.sh/uv/install.sh and read it), avoid running as root, and avoid symlinking unknown binaries into system-wide locations until you audit them. - Request clarification from the skill author about why 'uv' is required, and ask them to bundle the 'yf' script or provide an explicit, auditable install artifact. If the author can't provide code or the install script's contents, treat this package as untrusted.

Like a lobster shell, security has layers — review code before you run it.

Current versionv1.0.0
Download zip
latestvk97cjmzj7czqcdb5t3jrj7gdsn7ysw83

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

SKILL.md

Yahoo Finance CLI

A Python CLI for fetching comprehensive stock data from Yahoo Finance using yfinance.

Requirements

  • Python 3.11+
  • uv (for inline script dependencies)

Installing uv

The script requires uv - an extremely fast Python package manager. Check if it's installed:

uv --version

If not installed, install it using one of these methods:

macOS / Linux

curl -LsSf https://astral.sh/uv/install.sh | sh

macOS (Homebrew)

brew install uv

Windows

powershell -ExecutionPolicy ByPass -c "irm https://astral.sh/uv/install.ps1 | iex"

pip (any platform)

pip install uv

After installation, restart your terminal or run:

source ~/.bashrc  # or ~/.zshrc on macOS

Installation

The yf script uses PEP 723 inline script metadata - dependencies are auto-installed on first run.

# Make executable
chmod +x /path/to/skills/yahoo-finance/yf

# Optionally symlink to PATH for global access
ln -sf /path/to/skills/yahoo-finance/yf /usr/local/bin/yf

First run will install dependencies (yfinance, rich) to uv's cache. Subsequent runs are instant.

Commands

Price (quick check)

yf AAPL              # shorthand for price
yf price AAPL

Quote (detailed)

yf quote MSFT

Fundamentals

yf fundamentals NVDA

Shows: PE ratios, EPS, market cap, margins, ROE/ROA, analyst targets.

Earnings

yf earnings TSLA

Shows: Next earnings date, EPS estimates, earnings history with surprises.

Company Profile

yf profile GOOGL

Shows: Sector, industry, employees, website, address, business description.

Dividends

yf dividends KO

Shows: Dividend rate/yield, ex-date, payout ratio, recent dividend history.

Analyst Ratings

yf ratings AAPL

Shows: Buy/hold/sell distribution, mean rating, recent upgrades/downgrades.

Options Chain

yf options SPY

Shows: Near-the-money calls and puts with strike, bid/ask, volume, OI, IV.

History

yf history GOOGL 1mo     # 1 month history
yf history TSLA 1y       # 1 year
yf history BTC-USD 5d    # 5 days

Ranges: 1d, 5d, 1mo, 3mo, 6mo, 1y, 2y, 5y, 10y, ytd, max

Compare

yf compare AAPL,MSFT,GOOGL
yf compare RELIANCE.NS,TCS.NS,INFY.NS

Side-by-side comparison with price, change, 52W range, market cap.

Search

yf search "reliance industries"
yf search "bitcoin"
yf search "s&p 500 etf"

Symbol Format

  • US stocks: AAPL, MSFT, GOOGL, TSLA
  • Indian NSE: RELIANCE.NS, TCS.NS, INFY.NS
  • Indian BSE: RELIANCE.BO, TCS.BO
  • Crypto: BTC-USD, ETH-USD
  • Forex: EURUSD=X, GBPUSD=X
  • ETFs: SPY, QQQ, VOO

Examples

# Quick price check
yf AAPL

# Get valuation metrics
yf fundamentals NVDA

# Next earnings date + history
yf earnings TSLA

# Options chain for SPY
yf options SPY

# Compare tech giants
yf compare AAPL,MSFT,GOOGL,META,AMZN

# Find Indian stocks
yf search "infosys"

# Dividend info for Coca-Cola
yf dividends KO

# Analyst ratings for Apple
yf ratings AAPL

Troubleshooting

"command not found: uv"

Install uv using the instructions above.

Rate limiting / connection errors

Yahoo Finance may rate limit excessive requests. Wait a few minutes and try again.

"No data" for a symbol

  • Verify the symbol exists: yf search "company name"
  • Some data (options, dividends) isn't available for all securities

Technical Notes

  • Uses PEP 723 inline script metadata for uv dependencies
  • Rich library provides colored, formatted tables
  • First run installs deps to uv cache (~5 seconds)
  • Subsequent runs are instant (cached environment)
  • Handles NaN/None values gracefully with fallbacks

Files

1 total
Select a file
Select a file to preview.

Comments

Loading comments…