A Stock Analysis Conflict
ReviewAudited by ClawScan on May 10, 2026.
Overview
The stock-analysis functions mostly match the description, but the package identity and storage namespace do not match the registry entry, so it may share or alter another skill’s saved portfolio data.
Review before installing. The visible stock-query behavior is not malicious, but the embedded metadata and portfolio file path appear to belong to a different skill name. If you proceed, inspect or back up ~/.clawdbot/skills/a-stock-analysis/portfolio.json and only enter holdings you are comfortable storing locally and querying through Sina Finance.
Findings (3)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
A user may be installing code whose embedded identity does not match the registry listing, making ownership, updates, storage paths, and review expectations harder to trust.
The supplied registry metadata identifies a different owner and slug, kn7838zsyk9ty48nb4h2k11w6s8117h9 / a-stock-analysis-conflict. That mismatch makes the package provenance and identity unclear.
"ownerId": "kn707vekcz9f58mg3b3cjs3jc17zye0v", "slug": "a-stock-analysis"
Publish the skill with matching registry metadata, _meta.json, SKILL name, and storage namespace; users should verify the publisher before installing.
Existing local portfolio costs, quantities, and stock codes from another similarly named skill could be read, analyzed, updated, or removed by this skill.
The registered slug is a-stock-analysis-conflict, but the code reads and writes a persistent portfolio file under a-stock-analysis. This can collide with or reuse another skill’s saved financial records.
PORTFOLIO_FILE = Path.home() / ".clawdbot" / "skills" / "a-stock-analysis" / "portfolio.json"
Use a slug-specific storage path, prompt before importing an existing portfolio file, and avoid entering sensitive holdings until the namespace mismatch is fixed.
If invoked without care, the agent could change or delete local portfolio entries.
The skill documents local commands that mutate portfolio records. This is purpose-aligned, but changes to stored financial records should be explicitly user-directed.
uv run {baseDir}/scripts/portfolio.py add ...; update ...; remove ...Confirm add, update, and remove operations before running them, and back up the portfolio JSON if the data matters.