Ripe Scanner
v1.0.0Free stock and crypto momentum scanner with social sentiment analysis. Scans S&P 500, Nasdaq 100, and crypto for momentum signals using RSI, EMA, Bollinger S...
⭐ 0· 161·0 current·0 all-time
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
high confidencePurpose & Capability
Name/description (momentum + social-sentiment scanner) matches the code and SKILL.md: it uses yfinance (via yfinance/pandas), StockTwits API, Reddit public JSON, computes RSI/EMA/Bollinger/volume metrics, and writes snapshots/history. No unrelated credentials, binaries, or config paths are requested.
Instruction Scope
Runtime instructions are specific and scoped to scanning and history management. The skill reads public web endpoints (Wikipedia, yfinance, StockTwits, Reddit), writes a cache to /tmp and snapshots/logs under ~/.openclaw/workspace/memory/ripe_scanner, and asks users to run snapshot (cron) for history. These actions are coherent with the stated functionality; there is no instruction to read unrelated files or exfiltrate secrets.
Install Mechanism
No automated install spec is included (instruction-only). Dependencies are standard Python packages (yfinance, pandas, numpy) and installation is manual via pip per README — this is low-risk compared to arbitrary downloads or automatic installers.
Credentials
The skill requests no environment variables or credentials. It uses public APIs that do not require keys per the documentation. Its filesystem access is limited to creating its own cache and snapshot directories inside the user's OpenClaw workspace and /tmp, which is proportionate for persisting scan history.
Persistence & Privilege
always is false and the skill is user-invocable; it stores data only under ~/.openclaw/workspace/memory/ripe_scanner and /tmp/ripe_scanner_cache.json. This is a reasonable level of persistence for historical snapshots and does not modify other skills or system-wide settings.
Assessment
This skill appears to do what it says: it fetches public market and social data, computes indicators, and saves snapshots to your OpenClaw workspace. Before installing, consider these practical precautions: 1) Review the full scripts/ripe-scan.py yourself (you were shown a truncated file) — ensure there are no hidden network endpoints or calls to os.environ not described in the docs. 2) Run the tool in a Python virtualenv or sandbox and inspect what files it creates (~/.openclaw/workspace/memory/ripe_scanner and /tmp/ripe_scanner_cache.json). 3) Be aware it will make many outbound HTTP requests (Wikipedia, yfinance/finance endpoints, StockTwits, Reddit); verify that your environment policy permits this and that you’re comfortable with those network calls. 4) If you plan to schedule snapshots via cron, confirm you want daily writes to your home workspace. 5) If you need stronger assurance, ask the publisher for the full source repository/homepage or run a static review of the complete script to confirm no unexpected behavior (e.g., hidden remote uploads, exec of fetched archives, or environment-variable exfiltration).Like a lobster shell, security has layers — review code before you run it.
latestvk97fwjvy0why3a54dsdcqkezdh82yc31
License
MIT-0
Free to use, modify, and redistribute. No attribution required.