Stock Info Explorer
PassAudited by ClawScan on May 10, 2026.
Overview
The skill appears to do what it claims—fetch public Yahoo Finance data and generate stock summaries/charts—but it runs a local Python script with third-party dependencies.
This looks reasonable for a stock-charting helper. Before installing, be comfortable with `uv` running the bundled Python script and resolving third-party packages, and remember that ticker queries go to Yahoo Finance/yfinance while generated charts are saved under `/tmp`. Review confidence is medium because the displayed source artifact is marked truncated, though the visible code and static scan do not show suspicious behavior.
Findings (2)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
A future dependency update or compromised package could change what code runs locally.
The script declares runtime Python dependencies without version pins. This is expected for a yfinance charting tool, but it means execution depends on third-party package resolution at run time.
# dependencies = [ # "yfinance", # "rich", # "pandas", # "plotille", # "matplotlib", # "mplfinance" # ]
Run the skill in a normal least-privilege environment, and consider pinning or reviewing dependencies if you need reproducible or higher-assurance use.
Your requested ticker/period is sent through the yfinance/Yahoo Finance data path, and a chart file may be created or overwritten under `/tmp`.
The script fetches market history for the provided symbol/period and saves a chart image locally. This is disclosed and purpose-aligned, but it is still a local tool action with network access and file output.
hist = ticker.history(period=period) ... path = f"/tmp/{symbol}_pro.png" ... mpf.plot(hist, **plot_kwargs)Use ordinary ticker symbols, review the printed `CHART_PATH`, and avoid passing unusual path-like strings as ticker names.