Stocks and Financial Data Pull

Pass. Audited by ClawScan on May 1, 2026.

Overview

This appears to be a read-only Yahoo Finance data skill, with disclosed setup and persistence notes but no artifact evidence of trading, credential access, exfiltration, or destructive behavior.

This looks like a financial data lookup skill rather than a trading or purchasing tool. Before installing, use an isolated virtual environment, consider pinning dependencies if reproducibility matters, avoid inserting raw user text into the Python command template, and be cautious about adding the instructions to an agent-wide file that is loaded in every session.

Findings (4)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

Installing the skill depends on external package availability and integrity, though these packages are expected for the skill's financial-data purpose.

Why it was flagged

The skill installs third-party Python packages using lower-bound ranges, so future package versions can be selected at install time.

Skill content

yfinance>=0.2.66
pandas>=2.2.0
pydantic>=2.0.0
requests>=2.28.0

Recommendation

Install in an isolated virtual environment as instructed, and consider pinning exact dependency versions if you need reproducible or higher-assurance deployments.

What this means

This is expected for the skill, but careless substitution of method names or arguments could turn a data lookup into broader local code execution.

Why it was flagged

The documented usage pattern invokes Python code locally and substitutes a method call into the command.

Skill content

cd SKILL_DIR/scripts && SKILL_DIR/.venv/bin/python3 -c "... result = await t.METHOD(ARGS) ..."

Recommendation

Use only the documented method names and simple validated arguments, and avoid inserting untrusted text directly into the Python command.

What this means

The agent may continue seeing and using this skill's command pattern after the original task, even when it is no longer needed.

Why it was flagged

The skill recommends adding its instructions to persistent agent context that may be reused across sessions.

Skill content

copy the template below into your agent's `TOOLS.md` (or whichever file your framework injects into every session)

Recommendation

Keep the added TOOLS.md content scoped to environments where this financial data skill is intended, and remove it when no longer needed.

What this means

Warnings, dependency errors, or rate-limit messages may be hidden from view, making results harder to verify.

Why it was flagged

The recommended command hides warning output that could otherwise help users diagnose failures or unexpected behavior.

Skill content

Suppress stderr (2>/dev/null) to hide warnings.

Recommendation

Do not suppress stderr during setup, debugging, or when validating unfamiliar outputs; only suppress it if you knowingly want cleaner routine output.