ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Macd

v2.0.4

Calculate MACD from price data. Use when computing MACD/signal/histogram from a price series, spotting crossovers, reading momentum, or planning MACD-based e...

0· 99·0 current·0 all-time
by@bytesagain1
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description match the included code and instructions. The skill only requires bash and python3 and exposes commands to calculate MACD from an inline series or a CSV file, interpret values, and display trading guidance — all consistent with a MACD calculator.
Instruction Scope
SKILL.md instructs the agent to run the provided scripts/script.sh commands. The script only reads user-supplied input (inline price list or a file path), computes values locally, and prints results. It does not reach out to external endpoints or read environment variables beyond those it sets to pass data to Python. Note: calculate-file reads whatever file path the user supplies (expected for this feature).
Install Mechanism
No install spec is provided and the skill is instruction/script-only. Nothing is downloaded or written to disk by an installer — the lowest-risk model for install behavior.
Credentials
The skill declares no required environment variables, no credentials, and no config paths. The script uses temporary environment variables to pass parameters to the embedded Python invocations only, which is proportional to its function.
Persistence & Privilege
always is false and the skill does not request persistent or elevated agent/system privileges. It does not modify other skills or alter system configuration.
Assessment
This skill appears to do only local MACD calculations using your provided price series or a CSV file. Before running: ensure you have python3 and bash available; only pass files you intend the tool to read (it will open any path you give it); if you plan to run untrusted skills, consider running them in a sandbox. Also validate numeric results (indexing/alignment logic in the script is a bit intricate) before using outputs for live trading decisions — this review addresses coherence, not financial correctness.

Like a lobster shell, security has layers — review code before you run it.

latestvk9727f0ng63mqzfcew27cqspas83mzpb

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments