ClawHub

Naver Stock

v1.1.1

Fetch text-based real-time stock prices (KRX, Overseas) using Naver Finance.

1· 1.9k·1 current·1 all-time
by@seungdols
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
medium confidence
Purpose & Capability
Name/description (fetch real-time prices from Naver Finance) match the declared requirement (node) and the included artifact (a bundled Node.js script index.cjs). No unrelated environment variables, binaries, or config paths are requested.
Instruction Scope
SKILL.md instructs simply to run node index.cjs <name|code> and return a JSON object. The instructions do not ask the agent to read unrelated files, access credentials, or send data to endpoints outside the stated task.
Install Mechanism
There is no install spec — the skill is instruction-only with a bundled script. That is lower risk than remote downloads; the only code that will run is the included index.cjs. The bundled file includes third-party modules (clone, node-cache) which is normal for a Node script.
Credentials
The skill does not declare or require any environment variables, credentials, or config paths. For a web-scraping/HTTP client script this is proportionate.
Persistence & Privilege
always is false and there is no install that modifies agent configuration or requests permanent presence. The skill will run only when invoked.
Assessment
This skill is internally coherent for fetching stock prices with Node.js, but the shipped index.cjs is a bundled/minified JS file from an unknown source. Before running it on important systems: (1) inspect index.cjs for any hard-coded network endpoints (it should only contact Naver Finance or related exchange endpoints), any use of child_process, eval, or process.env reads; (2) run it in a sandbox or isolated environment first and monitor network traffic to confirm it only queries expected hosts; (3) avoid running it with elevated privileges; and (4) prefer a skill with a clear upstream source or open-source repository if you need long-term trust. If you want, provide the full index.cjs text and I can look specifically for suspicious patterns (exfiltration, eval, remote downloads, or unexpected hosts).

Like a lobster shell, security has layers — review code before you run it.

latestvk973fewh5d277fxrk26rvngfyh82dhc8

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

📈 Clawdis
OSmacOS · Linux · Windows
Binsnode

Comments