SEC 13F Whale Tracker
PassAudited by ClawScan on May 1, 2026.
Overview
The skill appears to be a coherent public SEC EDGAR tracker with no credential use or exfiltration evidence; users should note the dependency install, proxy clearing, and optional scheduled runs.
This skill looks reasonable for tracking public SEC 13F filings. Before installing, use an isolated virtual environment, consider pinning the requests dependency, check whether proxy clearing is acceptable in your environment, and only enable cron or channel posting if you intentionally want recurring reports.
Findings (3)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
A future dependency version could be installed automatically when setting up the skill.
The skill installs a PyPI dependency using a lower-bound version rather than an exact pinned version or lockfile; this is common and purpose-aligned for an HTTP client, but it leaves dependency selection to install time.
requests>=2.28.0
Install in an isolated virtual environment and consider pinning or reviewing the dependency version before use.
If you rely on a proxy for monitoring, privacy, or corporate routing, this script may not use it.
The script removes proxy settings from its process before making network requests; SKILL.md discloses this, and the visible requests target SEC endpoints, but it can bypass a user's expected proxy routing.
for _proxy_var in ["ALL_PROXY", "all_proxy", "HTTPS_PROXY", "https_proxy", "HTTP_PROXY", "http_proxy"]:
os.environ.pop(_proxy_var, None)Review or remove the proxy-clearing lines if your environment requires outbound traffic to go through a proxy.
The tracker could continue running and posting reports on a schedule after initial setup if you configure cron.
The skill documents optional recurring execution and channel delivery; this is appropriate for quarterly 13F tracking, but it is a form of persistence if the user enables it.
Schedule quarterly runs ... Or use OpenClaw cron to run and send the report to a channel.
Enable cron or channel posting only if you want recurring reports, and document how to disable the schedule later.