Stock Info Explorer
PassAudited by VirusTotal on May 12, 2026.
Overview
Type: OpenClaw Skill Name: stock-info-explorer Version: 1.2.10 The OpenClaw skill 'stock-info-explorer' is benign. It uses the `yfinance` library to fetch stock data and `mplfinance`/`matplotlib` to generate charts, saving them to the `/tmp/` directory. All operations, including network requests to Yahoo Finance and local file writes, are clearly aligned with its stated purpose of providing financial analysis. There is no evidence of data exfiltration, malicious execution, persistence mechanisms, obfuscation, or prompt injection attempts against the agent in `SKILL.md`.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
A future dependency update or compromised package could change what code runs locally.
The script declares runtime Python dependencies without version pins. This is expected for a yfinance charting tool, but it means execution depends on third-party package resolution at run time.
# dependencies = [ # "yfinance", # "rich", # "pandas", # "plotille", # "matplotlib", # "mplfinance" # ]
Run the skill in a normal least-privilege environment, and consider pinning or reviewing dependencies if you need reproducible or higher-assurance use.
Your requested ticker/period is sent through the yfinance/Yahoo Finance data path, and a chart file may be created or overwritten under `/tmp`.
The script fetches market history for the provided symbol/period and saves a chart image locally. This is disclosed and purpose-aligned, but it is still a local tool action with network access and file output.
hist = ticker.history(period=period) ... path = f"/tmp/{symbol}_pro.png" ... mpf.plot(hist, **plot_kwargs)Use ordinary ticker symbols, review the printed `CHART_PATH`, and avoid passing unusual path-like strings as ticker names.