Stock Query
PassAudited by ClawScan on May 10, 2026.
Overview
This skill appears purpose-aligned for stock/fund price lookup and local portfolio CSV management, with disclosed Bash, network, and local file use.
This skill looks reasonable for stock and fund quote lookup. Install it only if you are comfortable with Bash-based commands, outbound calls to the listed finance APIs, and a local portfolio.csv file storing non-credential portfolio data.
Findings (3)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
The skill can run local shell commands to query data and modify the portfolio CSV when asked.
The skill uses Bash tools and local file commands. This is sensitive capability, but it is disclosed and scoped to stock API calls and portfolio.csv management.
| `shell` | 执行 `curl`、`iconv`、`grep`、`awk`、`mktemp` | 仅操作 `portfolio.csv`;不执行任意命令 |
Use it only for intended stock/fund queries and review portfolio add/edit/delete requests before confirming them.
Your local portfolio holdings and reference prices may be read or updated by the skill for portfolio-related requests.
portfolio.csv is persistent local financial context. The artifact limits the file contents and explicitly warns against storing credentials.
本 skill 仅在用户显式指令下读写 `portfolio.csv` 一个文件... `portfolio.csv` 仅应包含股票代码、名称、数量、自选价格。禁止存放账户密码、API 密钥、Token 或任何认证凭证。
Keep portfolio.csv limited to non-credential portfolio data and do not store passwords, API keys, tokens, or brokerage account details in it.
A user relying only on registry metadata might miss that the skill needs command-line tools and network/Bash permissions.
The registry metadata under-declares runtime requirements compared with the skill's own yaml and SKILL.md disclosures.
metadata: Required binaries ... none; Capability signals: No capability tags were derived. / skill.yaml: requires: bins: [curl, iconv, python3] ... permissions: network, shell
Before installing, verify that Bash, curl, iconv, and python3 are acceptable in your environment and that network access to the listed finance providers is allowed.