Stock Quote

Pass. Audited by ClawScan on May 1, 2026.

Overview

This appears to be a normal stock-quote helper, but users should notice its external finance-service calls, optional package installs, delayed default data source, and portfolio-memory examples.

Before installing, make sure you are comfortable running the Python helper and sending ticker symbols to external finance services. For trading decisions, verify the data source and timestamp because the default Stooq path is described as delayed end-of-day data. Only add the HEARTBEAT.md or MEMORY.md portfolio-update examples if you intentionally want persistent portfolio records.

Findings (4)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

A user could mistake delayed end-of-day prices for current market prices, especially during pre-trade checks.

Why it was flagged

The same artifact advertises real-time/pre-trade use while disclosing that the default source is delayed end-of-day data. This is disclosed, but users need to notice the timeliness limitation.

Skill content

description: "Fetch real-time stock prices ... Pre-trade price verification ... Default: Stooq" ... "Stooq ... Free, delayed EOD prices"

Recommendation

Check the returned source and timestamp, and use a genuinely real-time source for trading decisions.

What this means

Third-party finance services may see which tickers or portfolio lists are queried.

Why it was flagged

The code sends user-requested ticker symbols to external finance providers. This is expected for the skill, but those symbols may reflect a user's holdings or interests.

Skill content

requests.get(url, timeout=10, allow_redirects=True) ... "https://financialmodelingprep.com/api/v3/quote" ... "https://finance.yahoo.com/quote/{symbol}"

Recommendation

Avoid submitting sensitive full-portfolio lists unless you are comfortable sharing those ticker symbols with the selected provider.

What this means

Installing dependencies from package repositories can introduce normal supply-chain risk if the environment or package source is not trusted.

Why it was flagged

The skill documents user-run installation of unpinned Python packages. This is common and purpose-aligned, but it depends on external package provenance.

Skill content

pip install yfinance
...
pip install requests

Recommendation

Install dependencies in a trusted Python environment and consider pinning known-good package versions.

What this means

Stale or incorrect quote data could be written into persistent memory and influence later portfolio analysis.

Why it was flagged

The skill includes an optional persistent workflow that could store portfolio valuation data and recurring instructions in agent memory files.

Skill content

Add to `HEARTBEAT.md`: ... `Update MEMORY.md position table with latest market values`

Recommendation

Only enable HEARTBEAT.md or MEMORY.md updates with explicit user approval, review changes before saving, and keep stored portfolio data scoped.