Security audit
Stock Portfolio
Security checks across malware telemetry and agentic risk
Overview
The package and its runtime instructions are coherent for a portfolio tool that fetches live prices via the AIsa API and stores portfolios locally; required credentials and files align with the stated purpose.
This skill appears to do what it claims: it stores portfolios locally (~/.clawdbot/skills/stock-analysis/portfolios.json) and uses your AISA_API_KEY to call an AIsa/OpenAI-compatible API to obtain prices. Before installing: (1) only provide an AIsa API key you trust and consider scoping or rotating it if possible; (2) be aware the script asks the model to return JSON prices — models can produce fabricated or stale values, so treat outputs as informational and verify against market feeds for trading decisions; (3) back up any important portfolio data stored under ~/.clawdbot; and (4) if you change AISA_BASE_URL, verify the endpoint is legitimate. If you want higher assurance, inspect or run the Python script in an isolated environment to confirm behavior and that dependencies (openai Python lib) are installed from expected sources.
VirusTotal
No VirusTotal findings
Static analysis
No suspicious patterns detected.
