Stocks and Financial Data Pull

Pass

Audited by VirusTotal on May 12, 2026.

Overview

Type: OpenClaw Skill
Name: stocks
Version: 4.2.0

The 'stocks' skill bundle is a comprehensive financial data integration using the `yfinance` library. The core logic in `scripts/yfinance_ai.py` provides over 50 tools for stocks, crypto, and forex data with robust error handling, rate limiting, and validation. The `SKILL.md` file provides clear instructions for the AI agent to execute these tools via a Python virtual environment, which is a standard operational pattern for this framework. No evidence of malicious behavior, data exfiltration, or harmful prompt injection was found; the skill's capabilities are entirely consistent with its stated purpose.

Findings (0)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

Installing the skill depends on external package availability and integrity, though these packages are expected for the skill's financial-data purpose.

Why it was flagged

The skill installs third-party Python packages using lower-bound ranges, so future package versions can be selected at install time.

Skill content

yfinance>=0.2.66
pandas>=2.2.0
pydantic>=2.0.0
requests>=2.28.0

Recommendation

Install in an isolated virtual environment as instructed, and consider pinning exact dependency versions if you need reproducible or higher-assurance deployments.

What this means

This is expected for the skill, but careless substitution of method names or arguments could turn a data lookup into broader local code execution.

Why it was flagged

The documented usage pattern invokes Python code locally and substitutes a method call into the command.

Skill content

cd SKILL_DIR/scripts && SKILL_DIR/.venv/bin/python3 -c "... result = await t.METHOD(ARGS) ..."

Recommendation

Use only the documented method names and simple validated arguments, and avoid inserting untrusted text directly into the Python command.

What this means

The agent may continue seeing and using this skill's command pattern after the original task, even when it is no longer needed.

Why it was flagged

The skill recommends adding its instructions to persistent agent context that may be reused across sessions.

Skill content

copy the template below into your agent's `TOOLS.md` (or whichever file your framework injects into every session)

Recommendation

Keep the added TOOLS.md content scoped to environments where this financial data skill is intended, and remove it when no longer needed.

What this means

Warnings, dependency errors, or rate-limit messages may be hidden from view, making results harder to verify.

Why it was flagged

The recommended command hides warning output that could otherwise help users diagnose failures or unexpected behavior.

Skill content

Suppress stderr (2>/dev/null) to hide warnings.

Recommendation

Do not suppress stderr during setup, debugging, or when validating unfamiliar outputs; only suppress it if you knowingly want cleaner routine output.