ClawHub

Quodd

v0.1.2

Fetch real-time stock quotes via Quodd API. Get current prices, daily high/low, and after-hours data for US equities. Use when the user asks for stock prices...

2· 2.4k·3 current·3 all-time
byKevin Haney@khaney64
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
medium confidence
Purpose & Capability
Name/description (Quodd real-time quotes) match the requested binaries (python3), required environment variables (QUODD_USERNAME, QUODD_PASSWORD), and the included script which calls Quodd API endpoints. The credentials requested are the ones needed to authenticate to the described service.
Instruction Scope
SKILL.md instructs running the included Python script directly and refers only to Quodd endpoints and a local token cache. It uses absolute example paths (/home/claw/.openclaw/...), which are environment-specific but not malicious. The script reads only the declared QUODD_* env vars and writes a token cache in the user's home directory; it does not reference other system files or unrelated services.
Install Mechanism
No install spec — instruction-only with a bundled script. Nothing is downloaded at install time and no external package registries or installers are invoked, so installation risk is low.
Credentials
Only QUODD_USERNAME and QUODD_PASSWORD are required and they are used by the script to fetch an API token. No unrelated secrets or many environment variables are requested.
Persistence & Privilege
The script caches an authentication token to ~/.openclaw/credentials/quodd-token.json for up to 20 hours. This is reasonable for convenience but creates a persistent artifact in the user's home directory; always:false and no modifications to other skills or global agent settings are present.
Assessment
This skill appears to do what it says: it contacts Quodd endpoints and requires your Quodd username/password. Before installing, ensure the credentials you supply are limited to Quodd and that you trust the Quodd endpoints used. Be aware the skill will cache an authentication token at ~/.openclaw/credentials/quodd-token.json for convenience; if you prefer not to persist tokens, run with --no-cache or remove the file after use. Note: the provided script in the submission was truncated at the end, so review the full script locally before use to confirm there are no additional network calls or unexpected behavior in the missing portion.

Like a lobster shell, security has layers — review code before you run it.

0.1.0vk97b8hm6jjpmmc8t4by5memep180h1km1.1.0vk9732w89n45ch7d6bz2q46jhc180g2k11.1.1vk97318pqd7rde38y2daxgxa9hx80hmb1Initial Releasevk9729fkzs243swm8ycqsnqr0h980fjyblatestvk97dkpndpc40wsepfv6jrhhzg983cm50

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

📈 Clawdis
Binspython3
EnvQUODD_USERNAME, QUODD_PASSWORD

Comments