ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Market Pulse Wingman

v1.0.0

Market risk co-pilot for equities. Use when you need to scan a watchlist for technical context, fresh headlines, and operational/security red flags, then log...

0· 60·0 current·0 all-time
byYael@yaelsprikut

Install

OpenClaw Prompt Flow

Install with OpenClaw

Best for remote or guided setup. Copy the exact prompt, then paste it into OpenClaw for yaelsprikut/market-pulse-wingman.

Previewing Install & Setup.
Prompt PreviewInstall & Setup
Install the skill "Market Pulse Wingman" (yaelsprikut/market-pulse-wingman) from ClawHub.
Skill page: https://clawhub.ai/yaelsprikut/market-pulse-wingman
Keep the work scoped to this skill only.
After install, inspect the skill metadata and help me finish setup.
Use only the metadata you can verify from ClawHub; do not invent missing requirements.
Ask before making any broader environment changes.

Command Line

CLI Commands

Use the direct CLI path if you want to install manually and keep every step visible.

OpenClaw CLI

Bare skill slug

openclaw skills install market-pulse-wingman

ClawHub CLI

Package manager switcher

npx clawhub@latest install market-pulse-wingman
Security Scan
VirusTotalVirusTotal
Pending
View report →
OpenClawOpenClaw
Suspicious
medium confidence
Purpose & Capability
Name, description, and the SKILL.md workflow are coherent: a market-risk co‑pilot that summarizes technical context, headlines, and writes a log. No unrelated env vars, binaries, or installs are requested.
!
Instruction Scope
The instructions are largely scoped to the stated task, but they are open-ended about obtaining 'recent news' and 'publicly available info' (leaving the agent discretion to fetch web content). More importantly, pre-scan detected unicode control characters in SKILL.md — this is a common prompt-injection technique used to hide or alter instructions and could change runtime behavior. Inspect the raw file before trusting autonomous runs.
Install Mechanism
Instruction-only skill with no install spec or code files — lowest install risk; nothing will be written to disk by an installer.
Credentials
No environment variables, credentials, or configuration paths are requested. Requested capabilities are proportional to a news-and-price summarization skill.
Persistence & Privilege
always:false and no special privileges or config modifications requested. Autonomous invocation is permitted (platform default) but not combined with broad access.
Scan Findings in Context
[unicode-control-chars] unexpected: Hidden control characters in SKILL.md are not expected for a market-summary instruction file; they can be used to inject or obfuscate instructions that change model behavior. No other regex findings (no code files) were available for context.
What to consider before installing
What to consider before installing: - The skill itself is coherent for market-headline scanning and logging and asks for no credentials or installs. That part looks benign. - However, the SKILL.md contains hidden unicode control characters (a prompt-injection indicator). These characters can conceal or alter instructions the model will follow. Before installing, inspect the raw SKILL.md for non-printable/control characters (e.g., open in a hex editor, run `cat -v SKILL.md`, or use a tool that shows Unicode code points) and remove them if present. - Because the workflow is open-ended about obtaining headlines, decide and restrict whether the agent is allowed to make live web requests. If you don't want network fetches, restrict the agent or require the user to paste sources. - Do not provide any credentials or API keys to this skill. Test it first with non-sensitive, mock watchlists and verify that all cited headlines and timestamps are real and come from expected public sources. - If possible, ask the publisher for a source/homepage or request a cleaned SKILL.md without hidden characters. If you can't verify the file's origin, treat installation as higher risk. Confidence is medium because the skill is otherwise coherent, but the prompt-injection signal is a notable red flag that requires manual review before trusting autonomous use.

Like a lobster shell, security has layers — review code before you run it.

latestvk97bfb7y69erya96tajee7rw3n84y2hc
60downloads
0stars
1versions
Updated 1w ago
v1.0.0
MIT-0
Yael@yaelsprikut
latest
Download

Market Pulse Wingman

Overview

Use this skill when the user wants a fast but disciplined read on one or more tickers. It blends the day-trading workflow (trend, catalysts, sizing) with a security-auditor pass over current headlines and finally writes a short log entry for the self-improvement tracker.

Quick start

  1. Collect context from the user:
    • Tickers (and optional notes: position size, time horizon, risk tolerance)
    • Any data they already have (price, % change, headlines). If nothing is provided, ask for a watchlist snapshot or proceed with publicly available info.
  2. For each ticker, run the structured workflow below and append the result.
  3. End with a log template (filled out or ready for the user to confirm).

Workflow per ticker

  1. Baseline snapshot
    • Price, daily % change, volume vs. average, ATR/volatility context, near-term catalysts (earnings date, macro event, options expiry).
    • Mention trend bias (e.g., above/below 20/50 EMA, range-bound) using day-trading-skill language.
  2. Risk + headline sweep
    • Scan recent news or user-provided headlines for OWASP/security/operational issues: breaches, lawsuits, product recalls, downgrades, exec exits.
    • Tag the severity (⚠️ moderate risk, 🚨 major risk) and cite the source + timestamp.
  3. Bot recommendation
    • Combine technical + risk view into one clear nudge: e.g., "Trim size into earnings," "Allowed to add on pullbacks," "Stand aside until breach story is verified."
    • Include a quick contingency (“invalidated if price loses $X” or “if additional breach details emerge”).
  4. Decision log
    • Generate a short entry so the user can drop it in the self-improvement tracker: 
      - Ticker: XYZ
  - Date: 2026-04-16
  - Bot take: ⚠️ Hold until post-earnings volatility settles.
  - Planned action: _____
  - Follow-up reminder: Recheck headlines + price 2026-04-18.

Output format

## Market Pulse — 16 Apr 2026

### Ticker: XYZ
- Price: $123.45 (+1.8% / vol 1.3× avg) | Earnings: Apr 19 | ATR: 3.2
- Setup: Uptrend holding 21EMA; buyers defending $120 gap.
- Risk flags: 🚨 Data breach rumor (TechCrunch, 4h ago) + class-action chatter.
- Bot take: Trim to core until breach story is confirmed; re-add only above $126 on volume.
- Log: (prefill template for user)

Add additional tickers as separate sections.

Data & tooling notes

  • If no live API is available, rely on whatever data the user gives plus broadly known info (earnings calendar, macro events). Be explicit about assumptions.
  • Headlines can be summarized manually from user paste or recent articles; cite source + time.
  • Keep the total response compact—2–4 bullet lines per ticker plus the log template.

References

  • references/ can store future templates (e.g., logging schema, API hints). Currently unused; delete if not needed later.

Comments

Loading comments...