stock_data

Pass

Audited by ClawScan on May 1, 2026.

Overview

The artifacts show a purpose-aligned stock-data fetcher that contacts SimplyWall.st, with minor dependency and invocation hygiene notes but no evidence of malicious behavior.

Before installing, be aware that stock symbols you ask about will be requested from SimplyWall.st and that the script needs aiohttp even though no dependency is declared. Use normal ticker/exchange inputs, avoid passing private information, and independently verify financial data before relying on it.

Findings (2)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

A malformed ticker or exchange could cause problems if an agent or wrapper inserts it into a shell command unsafely.

Why it was flagged

The skill is invoked through a shell command using ticker and exchange values that come from the user's request. This is the expected interface, but unquoted or unvalidated substitution can be risky in shell-based invocation.

Skill content

cd ~/.openclaw/workspace/skills/stock-data-skill && python3 skill.py {TICKER} {EXCHANGE}

Recommendation

Only pass normal ticker/exchange strings, quote arguments when invoking the script, and restrict exchange values to the documented supported list.

What this means

The skill may fail until aiohttp is installed, and users should ensure any manually installed package comes from a trusted source.

Why it was flagged

The code requires an external Python package at runtime, while the supplied install metadata does not declare an install spec or pinned dependency. This is not malicious, but it is a packaging/provenance hygiene issue.

Skill content

import aiohttp ... raise ImportError('aiohttp required: pip install aiohttp')

Recommendation

Publish a clear dependency declaration with a pinned aiohttp version or a reviewed install specification.