ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

stock-dividend

v1.0.0

Evaluate dividend yield, payout safety, growth, and income quality for stocks through AISA. Use when: the user asks about dividend safety, income investing,...

0· 63·0 current·0 all-time
by@bibaofeng

Install

OpenClaw Prompt Flow

Install with OpenClaw

Best for remote or guided setup. Copy the exact prompt, then paste it into OpenClaw for bibaofeng/stock-dividend.

Previewing Install & Setup.
Prompt PreviewInstall & Setup
Install the skill "stock-dividend" (bibaofeng/stock-dividend) from ClawHub.
Skill page: https://clawhub.ai/bibaofeng/stock-dividend
Keep the work scoped to this skill only.
After install, inspect the skill metadata and help me finish setup.
Required env vars: AISA_API_KEY
Required binaries: python3
Use only the metadata you can verify from ClawHub; do not invent missing requirements.
Ask before making any broader environment changes.

Command Line

CLI Commands

Use the direct CLI path if you want to install manually and keep every step visible.

OpenClaw CLI

Bare skill slug

openclaw skills install stock-dividend

ClawHub CLI

Package manager switcher

npx clawhub@latest install stock-dividend
Security Scan
Capability signals
CryptoCan make purchasesRequires sensitive credentials
These labels describe what authority the skill may exercise. They are separate from suspicious or malicious moderation verdicts.
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Suspicious
medium confidence
Purpose & Capability
Name/description align with the code: the Python script performs dividend analysis and calls an LLM-style AISA API using an API key (AISA_API_KEY). Required binary (python3) is appropriate and the script's behavior (prompting a model to fetch live financial data) matches the declared capability.
!
Instruction Scope
SKILL.md instructs running the bundled Python script as the runtime. The script does not access local secrets or files, but it embeds prompts that instruct the model to 'fetch live data' with 'built-in financial data tools' (relying on the external AISA tool integration). The script also reads environment variables (AISA_BASE_URL, AISA_MODEL) that are not declared in SKILL.md/metadata, which is an out-of-band control over where requests go and which model is used.
Install Mechanism
This is instruction-only with no install spec (lowest risk). There is a commented dependency on the openai Python package in the script header, but no installer is invoked by the skill itself. That means failures may occur if the runtime doesn't provide the dependency, but there is no automatic download of arbitrary code.
!
Credentials
Declared required credential (AISA_API_KEY) is appropriate. However, the script consumes additional environment variables (AISA_BASE_URL and AISA_MODEL) that are not declared as required. AISA_BASE_URL in particular can redirect requests to an arbitrary endpoint, which could be used to exfiltrate prompt/data if set maliciously. The number of required secrets is small, but the undocumented overrideable endpoint is a proportionality concern.
Persistence & Privilege
The skill is not always-enabled and is user-invocable. It does not request persistent system presence or modify other skills/config. No elevated privileges are requested.
What to consider before installing
This skill appears to do what it says (dividend analysis via an AISA model) and only requires a single API key (AISA_API_KEY). Before installing: - Verify the AISA API host: the script defaults to https://api.aisa.one/v1 but also reads AISA_BASE_URL (not declared). Do not set AISA_BASE_URL to unknown hosts; if you inherit this skill, inspect the code and keep the base URL pointed to the official provider. - Note AISA_MODEL can be overridden via env; confirm which model you want used and that it is trustworthy. - The script uses the openai Python client (commented dependency). Ensure dependencies are installed from trusted sources and run the skill in an isolated environment if you have concerns. - The skill's prompts instruct the model to fetch live financial data; understand that live-data retrieval will be performed by your AISA account and may involve remote queries through that service. - If you require stronger guarantees, request the author to declare AISA_BASE_URL and AISA_MODEL in the skill metadata and to document their intended values, or remove the override capability. If you can't confirm the base URL and model provenance, treat this as potentially risky and consider running the code in a sandbox or rejecting installation.

Like a lobster shell, security has layers — review code before you run it.

Runtime requirements

Binspython3
EnvAISA_API_KEY
Primary envAISA_API_KEY
latestvk97e3kha7vageae1rx0wm11jh1851xb1
63downloads
0stars
1versions
Updated 1w ago
v1.0.0
MIT-0
@bibaofeng
latest
Download

Dividend Analysis

When to Use

  • Evaluate dividend yield, payout safety, growth, and income quality for stocks through AISA. Use when: the user asks about dividend safety, income investing, dividend growth, or dividend aristocrat style screening.

When NOT to Use

  • Do not use this skill for browser-cookie extraction, passwords, Keychain access, or other local sensitive credential access.
  • Prefer a different skill when the user request is outside this skill's domain.

Capabilities

  • Focus on dividend safety, coverage, growth, and income quality.

Quick Start

export AISA_API_KEY="your-key"

Primary Runtime

Use the bundled Python client as the canonical ClawHub runtime path:

python3 scripts/dividends.py

Example Queries

  • Check whether JNJ and PG look safer for dividend income.

Notes

  • Informational only and not financial advice.

Comments

Loading comments...