A Stock Vcp
PassAudited by VirusTotal on May 11, 2026.
Overview
Type: OpenClaw Skill Name: a-stock-vcp Version: 1.0.9 The skill bundle is a legitimate financial analysis tool designed to provide stock market signals based on the Volatility Contraction Pattern (VCP). It implements a clear monetization model using the x402 protocol for micro-payments (0.01 USDC) on the Base chain to a specified wallet (0x1a9275...10CA). The code in api.py is a standard FastAPI implementation, and the instructions in SKILL.md are consistent with the stated purpose of fetching data from a remote API (a-stock-signals.vercel.app) without any evidence of malicious intent, data exfiltration, or prompt injection attacks.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
A user could pay for and rely on stock recommendations that may not be based on current market screening as described.
The included API code says the stock signals are simulated and hard-coded, while the skill description says it retrieves processed VCP breakout results from market data sources via a backend API.
# VCP信号数据 (模拟) VCP_SIGNALS = [
Treat the output as unverified sample data unless the publisher can prove the remote backend uses live or current market data and clearly labels simulated results.
Each use may cost 0.01 USDC, so repeated or unintended invocations could create small charges.
The skill is designed to make paid API calls through x402. This is disclosed and purpose-aligned, but it can still incur charges if invoked.
每次调用:0.01 USDC - 支付:x402 协议(Base 链 USDC)
Only enable the skill if you are comfortable with the per-call fee, and require explicit approval before paid calls.
The reviewed files may not reflect exactly what the remote service returns at runtime.
The skill relies on a remote backend endpoint; the local artifacts do not fully establish the hosted service's implementation or provenance.
endpoint: "https://a-stock-signals.vercel.app/v"
Prefer publishers that document backend provenance, data sources, and change controls, especially for paid financial-signal services.