SEC 13F Whale Tracker

Pass

Audited by VirusTotal on May 11, 2026.

Overview

Type: OpenClaw Skill
Name: sec-13f-tracker
Version: 1.0.0

The skill is a legitimate tool for tracking SEC 13F filings from the EDGAR database. The Python script (scripts/tracker.py) implements proper rate limiting, parses public XML data from official SEC endpoints, and generates local Markdown reports. While it explicitly clears proxy environment variables to ensure direct connectivity, this behavior is documented in SKILL.md and aligns with the stated purpose of accessing public financial APIs without interference.

Findings (0)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

A future dependency version could be installed automatically when setting up the skill.

Why it was flagged

The skill installs a PyPI dependency using a lower-bound version rather than an exact pinned version or lockfile; this is common and purpose-aligned for an HTTP client, but it leaves dependency selection to install time.

Skill content

requests>=2.28.0

Recommendation

Install in an isolated virtual environment and consider pinning or reviewing the dependency version before use.

What this means

If you rely on a proxy for monitoring, privacy, or corporate routing, this script may not use it.

Why it was flagged

The script removes proxy settings from its process before making network requests; SKILL.md discloses this, and the visible requests target SEC endpoints, but it can bypass a user's expected proxy routing.

Skill content

for _proxy_var in ["ALL_PROXY", "all_proxy", "HTTPS_PROXY", "https_proxy", "HTTP_PROXY", "http_proxy"]:
    os.environ.pop(_proxy_var, None)

Recommendation

Review or remove the proxy-clearing lines if your environment requires outbound traffic to go through a proxy.

What this means

The tracker could continue running and posting reports on a schedule after initial setup if you configure cron.

Why it was flagged

The skill documents optional recurring execution and channel delivery; this is appropriate for quarterly 13F tracking, but it is a form of persistence if the user enables it.

Skill content

Schedule quarterly runs ... Or use OpenClaw cron to run and send the report to a channel.

Recommendation

Enable cron or channel posting only if you want recurring reports, and document how to disable the schedule later.