Ripe Scanner
PassAudited by ClawScan on May 10, 2026.
Overview
The visible artifacts show a coherent local market scanner, but users should notice it installs unpinned Python packages, may use an optional Tavily API key for Reddit sentiment, and stores local history.
This appears reasonable to install if you are comfortable with Python package installs and external market/social-data requests. Use a virtual environment, be aware that Reddit sentiment may use Tavily if you set TAVILY_API_KEY, and delete the local history directory if you do not want scan records kept. The provided script content was truncated in the review, so prefer reviewing the full script or installing from a trusted source.
Findings (3)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Running the setup pulls external code into the local Python environment.
The documented setup installs third-party Python packages without version pins. This is purpose-aligned for a Python market scanner, but package contents can change over time.
pip install yfinance pandas numpy
Install in a virtual environment and consider pinning or reviewing package versions before regular use.
If TAVILY_API_KEY is set, the scanner may use that Tavily account/key to perform sentiment searches.
The visible code can read an optional Tavily API key and use it for Reddit sentiment search, while registry metadata declares no environment variables. This appears purpose-aligned and no leakage is shown, but it is under-disclosed.
tavily_key = os.environ.get('TAVILY_API_KEY', '') ... urllib.request.Request('https://api.tavily.com/search'Only set the Tavily key if you want that integration, and the skill should disclose it as an optional credential.
Local history files may reveal watched assets or affect future change/history results, especially if the workspace is shared or backed up.
The skill intentionally stores scan history for later comparison and win-rate tracking. The storage is scoped and disclosed, but it is persistent local memory that can influence future outputs.
Daily snapshots stored in `~/.openclaw/workspace/memory/ripe_scanner/snapshots/`. Signal log at `~/.openclaw/workspace/memory/ripe_scanner/signals_log.json`.
Review or delete the ripe_scanner memory directory if you do not want scan history retained.