ClawHub

Financial Research

v3.0.0

Use this skill any time the user wants financial analysis, earnings research, or investment-related reports. This includes: earnings call summaries, quarterl...

1· 481·0 current·0 all-time
byAnyGenIO@logictortoise
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
medium confidence
Purpose & Capability
Name/description ask for financial analysis and the skill requires the AnyGen CLI and an AnyGen API key — these are directly related to the declared purpose.
Instruction Scope
SKILL.md only instructs use of the anygen CLI (auth and generate) and to install a related anygen-workflow-generate skill if missing. It does not request unrelated files or extra environment variables, but installing the additional skill could expand what is run.
Install Mechanism
Install is an npm package (@anygen/cli) that creates the anygen binary — this is expected for a CLI-based skill but npm packages may execute scripts at install time and introduce third-party code on the host. The install source is not a direct URL download, which is preferable, but there is no homepage or external verification provided in the registry metadata.
Credentials
Only ANYGEN_API_KEY is required and is declared as the primary credential — that is proportionate. However, the API key is sensitive and grants the skill/network access to AnyGen; any data sent to the service (financial documents, model inputs) will be exposed to that provider.
Persistence & Privilege
always is false and the skill does not request system-wide config changes or other skills' credentials. Autonomous invocation is allowed (default) — not flagged by itself but increases blast radius if the skill were malicious.
Assessment
This skill appears coherent for financial research, but before installing: 1) Verify the @anygen/cli npm package and the AnyGen service (look up the npm page, author, and anygen.io) since the registry entry has no homepage; 2) Treat ANYGEN_API_KEY as sensitive — consider using a scoped or short-lived key and confirm what data AnyGen will retain or log; 3) Be aware npm installs can run code during install and the skill may prompt you to install an additional anygen skill which widens the attack surface; 4) If you need stronger assurance, review the @anygen/cli package source or run it in a sandbox/VM first. If you cannot verify the package/provider, consider using a trusted alternative or manual workflows instead.

Like a lobster shell, security has layers — review code before you run it.

latestvk973yshkhpcqgax5ec8m6pxb0583x2n3

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

Binsanygen
EnvANYGEN_API_KEY
Primary envANYGEN_API_KEY

Install

Node
Bins: anygen
npm i -g @anygen/cli

Comments