ClawHub

Stock Deep Dive v1.0.0 (@cplog)

v1.0.0

Automation skill for Stock Deep Dive v1.0.0 (@cplog).

0· 19·0 current·0 all-time
byeric@cplog
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
Capability signals
CryptoCan make purchases
These labels describe what authority the skill may exercise. They are separate from suspicious or malicious moderation verdicts.
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
medium confidence
Purpose & Capability
Name/description match the behavior: the skill runs local stock-analysis and stock-fundamentals scripts to collect data. It declares the same dependency packages in SKILL.md (stock-analysis, stock-fundamentals, openclaw-tavily-search), and the included scripts call those components.
Instruction Scope
SKILL.md is an instruction-only spec and tells the agent to run local tooling and install named deps. The runtime script (scripts/collect.py) only runs other local scripts and prints JSON; it does not read environment variables or contact external network endpoints. However it executes binaries via subprocess and expects other skill code to live at absolute /data/workspace/skills/... paths, so its actual behavior depends on what those other scripts do.
Install Mechanism
No install spec is provided (instruction-only), which is low risk. But SKILL.md names dependencies that must be installed first; there is no automated installer here. The runtime uses a 'uv' CLI to run other scripts but 'uv' is not declared in required binaries — you should verify that 'uv' is available in your environment.
Credentials
The skill declares no required environment variables or credentials and the included script does not read any env vars or secret paths. Requested access is proportional to its stated purpose.
Persistence & Privilege
always is false and the skill does not request persistent/privileged presence or modify other skills. Autonomous invocation is allowed (default) but that is expected behavior.
Assessment
This skill appears to do what it says: it shells out to local stock-analysis/fundamentals scripts and returns a JSON blob. Before installing, verify: 1) the 'uv' command referenced by scripts/collect.py exists in your environment (it is not declared in the skill metadata), 2) the other skills/packages it depends on (stock-analysis, stock-fundamentals, openclaw-tavily-search) are present and you trust their code, and 3) the absolute paths (/data/workspace/skills/...) match your runtime layout. Because the script executes local programs, inspect the referenced analyze_stock.py and related scripts for unexpected network calls, credential usage, or access to sensitive files before letting the skill run autonomously.

Like a lobster shell, security has layers — review code before you run it.

latestvk97a64x9jtcfhzbx0eedymb5rd850zhj

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments