FinResearchClaw

Pass

Audited by ClawScan on May 10, 2026.

Overview

The skill is a transparent wrapper for a finance-research GitHub repo, but it will clone and run external repo code and may use Codex or Claude Code, so only use it with code and data you trust.

Before installing or running, make sure you trust the ChipmunkRPA/FinResearchClaw GitHub repo and any Codex or Claude Code provider you use. For safer use, review the repo and configs, pin a known-good commit, run in a sandbox or dedicated workspace, and avoid confidential datasets unless the provider and repo are approved.

Findings (3)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

Future runs depend on whatever code is in that GitHub repo at clone or update time.

Why it was flagged

The helper fetches the finance engine from an external GitHub repository without pinning a commit or tag, so the code that later runs is not fully represented in the reviewed bundle.

Skill content

REPO_URL="https://github.com/ChipmunkRPA/FinResearchClaw.git" ... git clone "$REPO_URL" "$REPO_DIR"

Recommendation

Review the FinResearchClaw repository, consider pinning a trusted commit, and run it in an isolated workspace or container if you are unsure.

What this means

The finance workflow may run code and configured actions without stopping for each intermediate approval.

Why it was flagged

The direct fallback installs the cloned project and runs its CLI with auto-approval. This is expected for the stated research automation purpose, but it executes local project code.

Skill content

python -m pip install -e .
researchclaw run --config "$CONFIG_PATH" --auto-approve

Recommendation

Inspect the selected config and repo first, and remove auto-approval or use a sandbox if you want step-by-step review.

What this means

Confidential research prompts, project files, or datasets could be processed by those coding-agent providers.

Why it was flagged

The preferred workflow delegates work to external coding-agent paths such as Codex or Claude Code, which may receive task context or files depending on how they are configured.

Skill content

Prefer Codex / ACP Codex for repo-driven execution, code edits, and iterative finance research runs.

Recommendation

Use only approved providers for confidential work and avoid sending sensitive financial datasets unless their data-handling terms are acceptable.