Stock Info Explorer

Advisory

Audited by Static analysis on Apr 30, 2026.

Overview

No suspicious patterns detected.

Findings (0)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

A future dependency update or compromised package could change what code runs locally.

Why it was flagged

The script declares runtime Python dependencies without version pins. This is expected for a yfinance charting tool, but it means execution depends on third-party package resolution at run time.

Skill content

# dependencies = [
#   "yfinance",
#   "rich",
#   "pandas",
#   "plotille",
#   "matplotlib",
#   "mplfinance"
# ]

Recommendation

Run the skill in a normal least-privilege environment, and consider pinning or reviewing dependencies if you need reproducible or higher-assurance use.

What this means

Your requested ticker/period is sent through the yfinance/Yahoo Finance data path, and a chart file may be created or overwritten under `/tmp`.

Why it was flagged

The script fetches market history for the provided symbol/period and saves a chart image locally. This is disclosed and purpose-aligned, but it is still a local tool action with network access and file output.

Skill content

hist = ticker.history(period=period) ... path = f"/tmp/{symbol}_pro.png" ... mpf.plot(hist, **plot_kwargs)

Recommendation

Use ordinary ticker symbols, review the printed `CHART_PATH`, and avoid passing unusual path-like strings as ticker names.