Market Analyst
v1.5.0Global asset investment analysis and advisory — VN & US stocks, forex, gold, oil, crypto, ETF, DCA. Combines real-time technical analysis (RSI, MACD, EMA, Bo...
⭐ 0· 209·0 current·0 all-time
byeddie Luong@eddieluong
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
medium confidencePurpose & Capability
Name/description (market analysis across stocks, FX, commodities, crypto, DCA, portfolio tools) match the provided scripts and many reference documents. The scripts and TradingView scanner usage align with the claimed capabilities. There are no unrelated environment variables, credentials, or external services requested that would contradict the stated purpose.
Instruction Scope
SKILL.md instructs the agent to execute local Python scripts under ~/.openclaw/workspace/skills/market-analyst and to POST to TradingView public scanner endpoints. This is coherent for a market scanner, but it means the skill will execute code present in the bundle and perform outbound network calls; the SKILL.md grants the agent discretion to run scanning commands and to fetch multiple tickers. There are no instructions to access unrelated system files or to exfiltrate credentials, however if you want strong assurance, review the script sources before running.
Install Mechanism
No install spec is provided and no external downloads are requested. The skill is effectively an instruction bundle plus Python scripts included in the package, which reduces install-time risk (nothing is fetched from arbitrary URLs).
Credentials
The skill declares no required environment variables, credentials, or config paths. SKILL.md uses public TradingView endpoints and standard Python; nothing requests unrelated secrets or broad credential access.
Persistence & Privilege
The skill is not marked always:true and does not request persistent system-level privileges. It will run only when invoked (user-invocable / agent-autonomous invocation allowed by default). There is no indication the skill tries to modify other skills or system-wide agent settings.
Scan Findings in Context
[pre-scan-injection-none] expected: No pre-scan injection signals were detected. The skill does include multiple Python scripts and reference docs which is expected for an analysis tool.
Assessment
This skill appears internally consistent with its market-analysis purpose, but it will execute the included Python scripts and make outbound network requests (TradingView scanner endpoints and possibly other market data calls). Before installing or enabling autonomous invocation: (1) review the scripts (scripts/*.py) to confirm they do only the network requests and computations you expect, (2) ensure your environment policy permits outbound requests to tradingview.com and other data sources, (3) do not provide sensitive credentials (none are required), and (4) consider running the skill in a sandboxed agent instance first if you want to observe behavior before broad use. If you lack the ability to audit the code yourself, treat the skill as untrusted code that can read/write within the skill workspace and make network calls.Like a lobster shell, security has layers — review code before you run it.
latestvk97es782ta0xexkx8v7b5xgynx83k8hf
License
MIT-0
Free to use, modify, and redistribute. No attribution required.