Finance Analysis

Security checks across malware telemetry and agentic risk

Overview

This skill appears to be a straightforward financial-analysis CLI that uses an optional Tushare API token and documented Python dependencies.

This skill looks safe to install if you are comfortable running a local Python finance CLI. Use a virtual environment, install dependencies from trusted sources, and only provide a Tushare token you are comfortable using for financial data queries.

VirusTotal

VirusTotal findings are pending for this skill version.

Risk analysis

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

ASI03: Identity and Privilege Abuse
Low
What this means

If you provide a Tushare token, the skill can use your Tushare account access to fetch financial data.

Why it was flagged

The code reads a Tushare API token from the environment and passes it to the official provider API client. This is aligned with the skill's finance-data purpose and no token logging or unrelated use is shown.

Skill content
token = os.getenv('TUSHARE_TOKEN') ... return ts.pro_api(token)
Recommendation

Use a token intended for Tushare only, avoid sharing terminal output that might expose environment setup, and revoke or rotate the token if it is no longer needed.

ASI04: Agentic Supply Chain Vulnerabilities
Info
What this means

Installing the dependencies adds third-party code to your Python environment.

Why it was flagged

The skill depends on third-party Python packages. The versions are declared and pinned, and these dependencies are consistent with financial data analysis.

Skill content
"dependencies": { "tushare": "1.2.88", "pandas": "1.5.3", "numpy": "1.23.5" }
Recommendation

Install in a virtual environment and use trusted package sources before running the CLI.