Yfinance
v0.1.2Access Yahoo Finance data — stock prices, history, financials, options, dividends, news, and market screeners
⭐ 6· 780·2 current·5 all-time
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
medium confidencePurpose & Capability
Name/description (Yahoo Finance data via an MCP server) align with the files and runtime instructions. The SKILL.md documents 12 tools matching the described finance capabilities and the installer bootstraps a Python package that provides them.
Instruction Scope
SKILL.md itself is scoped to finance queries. The included install.sh goes beyond mere local setup: it clones the GitHub repo, installs a helper tool (uv), creates a venv, installs the package, and can modify mcporter configuration and copy SKILL.md into an OpenClaw skills directory. Those config/file changes are expected for installation but are broader than just 'run this tool'.
Install Mechanism
install.sh uses network operations: git clone from GitHub and curl | sh https://astral.sh/uv/install.sh to install 'uv'. Piping remote install scripts to sh is higher risk; the repo being cloned is a third‑party GitHub account rather than a well-known organization. The rest (creating venv, pip install -e) is standard.
Credentials
The skill does not request secrets or service credentials. The installer exposes optional environment variables to control paths and behavior (PROJECT_DIR, VENV_DIR, CLAWD_DIR, etc.) but does not require unrelated credentials or keys.
Persistence & Privilege
Installer can modify system config: it auto-detects and edits mcporter.json and writes files into an OpenClaw skills directory (default /root/clawd). While this is intended for registration, it does modify other system/agent configs and system paths—review and explicit consent are advisable. The skill is not force-enabled (always:false).
Assessment
This package is coherent with a Yahoo Finance MCP server, but the installer takes actions you should not run blindly. Before installing: (1) review the remote GitHub repo content; (2) avoid piping unknown scripts to sh—prefer installing 'uv' manually or inspect https://astral.sh/uv/install.sh first; (3) run the installer in a disposable environment or container if possible; (4) set SKIP_MCPORTER or SKIP_SKILL, or set CLAWD_DIR/MCPORTER_CONFIG to safe locations if you do not want it to edit global mcporter/OpenClaw config; (5) ensure you understand/consent to the changes the script makes (git clone, venv creation, pip install, and config file edits).Like a lobster shell, security has layers — review code before you run it.
latestvk971srswz950st7ye6x54706zh81apet
License
MIT-0
Free to use, modify, and redistribute. No attribution required.