ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Stock Trend Scanner

v1.0.0

Stock technical analysis scanner based on swing trading principles with multi-timeframe resonance. Use when user asks to scan, analyze, or check stocks for b...

0· 24·0 current·0 all-time
by@eddieguan801-oss
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Suspicious
medium confidence
Purpose & Capability
Name, description, SKILL.md, and the included Python script consistently implement a multi-timeframe stock scanner using yfinance/pandas/numpy. The requested capabilities (fetch historical quotes, compute MACD, moving averages, support/resistance) align with the stated purpose.
Instruction Scope
SKILL.md instructs running the included Python script and explicitly mentions yfinance (no API key). The runtime instructions do not request unrelated files, env vars, or external endpoints beyond Yahoo Finance. However SKILL.md does not list required Python packages (pandas, numpy, yfinance) or how to install them; the script will perform network requests to fetch market data.
Install Mechanism
No install spec (instruction-only skill) which lowers systemic risk. However a non-trivial Python script is included and will be executed locally; the SKILL.md does not provide a vetted install or dependency list. That means users must install Python packages themselves (preferably in a virtualenv).
Credentials
The skill declares no environment variables, no credentials, and no config paths. The script also does not read env vars or local config in the visible portion — requested access is proportionate to a data-fetching scanner (network access to Yahoo via yfinance).
Persistence & Privilege
always is false, the skill is user-invocable, and it does not request persistent system privileges or modify other skills' configurations in the visible files. Autonomous invocation is allowed (platform default) but not combined with other concerning privileges.
What to consider before installing
What to consider before installing/use: - The code and SKILL.md are coherent with a stock scanner and the script uses yfinance to fetch market data (expected network access). - The package has no listed author/homepage and was published by an unknown owner ID — lower trust by provenance alone. - The prompt-provided script was truncated at generate_signal; you should inspect the entire script file locally (especially any code after generate_signal) for hidden network calls, credential usage, or subprocess execution before running. - Install and run only in a contained environment (Python virtualenv or VM). Ensure dependencies (python3, pandas, numpy, yfinance) come from official sources (pip) and pin versions. - If you plan to run it against sensitive systems or provide it credentials, do not proceed until you have audited the full source. If you only need analysis without executing code, consider reimplementing the logic or using a well-known vetted tool/service.

Like a lobster shell, security has layers — review code before you run it.

latestvk978m5rjhqdvymm89ef0ksts19844tjw

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments