testskill-zip1

v1.0.5

Analyze stocks and cryptocurrencies using Yahoo Finance data. Supports portfolio management, watchlists with alerts, dividend analysis, 8-dimension stock sco...

⭐ 0· 106·0 current·0 all-time

byyuangui@yinwuzhe·duplicate of @perfectworldltd/x-search-1-0-0

OpenClaw Prompt Flow

Install with OpenClaw

Best for remote or guided setup. Copy the exact prompt, then paste it into OpenClaw for yinwuzhe/test-x-sear.

Previewing Install & Setup.

Prompt PreviewInstall & Setup

Install the skill "testskill-zip1" (yinwuzhe/test-x-sear) from ClawHub.
Skill page: https://clawhub.ai/yinwuzhe/test-x-sear
Keep the work scoped to this skill only.
After install, inspect the skill metadata and help me finish setup.
Required binaries: uv
Use only the metadata you can verify from ClawHub; do not invent missing requirements.
Ask before making any broader environment changes.

Command Line

CLI Commands

Use the direct CLI path if you want to install manually and keep every step visible.

OpenClaw CLI

Bare skill slug

openclaw skills install test-x-sear

ClawHub CLI

Package manager switcher

npx clawhub@latest install test-x-sear

Security Scan

Capability signals

CryptoCan make purchasesRequires OAuth token

These labels describe what authority the skill may exercise. They are separate from suspicious or malicious moderation verdicts.

VirusTotal

Benign

View report →

OpenClaw

Suspicious

medium confidence

ℹ

Purpose & Capability

The skill name/description and included Python scripts (analysis, hot scanner, watchlist, portfolio, dividends, rumor scanner) are consistent with a stock/crypto analysis tool. Requiring the 'uv' binary is coherent with many CLI examples that use 'uv run', though several commands use 'python3' directly which is inconsistent. The optional Twitter integration is relevant to 'hot scanner' and 'rumor scanner', but the metadata declares no required env vars while the docs instruct collecting Twitter auth cookies — a mismatch.

Instruction Scope

SKILL.md and docs instruct users to obtain Twitter/X auth by copying browser cookies (auth_token and ct0) via DevTools and to grant Terminal 'Full Disk Access' on macOS. Those steps direct collection of sensitive browser tokens and require elevated system permissions that are outside the normal scope of a data-aggregation/analysis skill. The skill also tells you to create a .env with those tokens and to store portfolio/watchlist data under a home path; the cookie-extraction instructions in particular are disproportionate.

ℹ

Install Mechanism

Install spec uses a Homebrew formula 'uv' which matches the declared required binary 'uv'. Using a brew formula is a low-to-moderate risk install pattern — verify the formula source/tap and checksum before installing. There is no download-from-arbitrary-URL or extract step in the provided install spec. The presence of both 'uv run' and direct 'python3' invocation is inconsistent but not itself malicious.

Credentials

Declared requirements list no env vars, but documentation asks the user to place AUTH_TOKEN and CT0 in a .env (browser cookie values) for Twitter access. That creates a gap between declared and actual credential needs. Additionally, instructions to grant Terminal full-disk access to retrieve cookies are high-privilege and unnecessary if a proper API/key-based Twitter integration is used. Storing auth cookies in plaintext .env files is also risky.

Persistence & Privilege

The skill persists user data to ~/.clawdbot/skills/stock-analysis (portfolios.json, watchlist.json) which is reasonable for a CLI tool. However, the documentation's guidance to grant 'Full Disk Access' to the Terminal (macOS) elevates privilege beyond normal execution needs and could enable access to other apps' data (cookies). While the skill itself is not flagged as always-enabled, the combination of instructions that require elevated OS permission plus cookie extraction increases the potential blast radius.

What to consider before installing

This skill appears to be a legitimate stock/crypto analysis bundle, but exercise caution before installing or following the Twitter-related setup steps. Specific recommendations: - Do NOT follow instructions to grant Terminal 'Full Disk Access' or to copy browser cookies unless you fully trust the developer — copying browser cookies gives broad access to your logged-in accounts. Prefer creating a Twitter/X developer app and using proper API keys with minimal scopes instead of extracting cookies. - The package asks you to store AUTH_TOKEN and CT0 in a .env file; storing session cookies in plaintext is risky. If you must enable social features, use dedicated API credentials and place them in a secure secret store. - Verify the Homebrew formula 'uv' before installing (check the tap and upstream project). If unsure, run the Python scripts directly inside an isolated environment (virtualenv/container) rather than installing new system binaries. - Inspect network behavior: review the scripts for where data is POSTed or external endpoints beyond documented sources. Run the code in a sandbox or VM first and monitor outbound connections. - If you only need core analysis, skip optional social features (hot_scanner --no-social or --fast) to avoid the parts that request elevated privileges. If you want higher assurance, ask the publisher for: (1) the official brew tap/source for 'uv', (2) justification for requiring browser cookie extraction vs API tokens, and (3) a minimized set of instructions that don't request elevated OS permissions. If those answers are unsatisfactory, run the tool in an isolated VM/container and avoid supplying browser cookies.

Like a lobster shell, security has layers — review code before you run it.

Runtime requirements

📈 Clawdis

Binsuv

Install

Install uv (brew)

Bins: uv

brew install uv

latestvk979j7sgqjz60v6qvv72hr41jn84ekqa

106downloads

0stars

5versions

Updated 2w ago

v1.0.5

MIT-0

Stock Analysis v6.1

Analyze US stocks and cryptocurrencies with 8-dimension analysis, portfolio management, watchlists, alerts, dividend analysis, and viral trend detection.

What's New in v6.2

🔮 Rumor Scanner — Early signals before mainstream news
- M&A rumors and takeover bids
- Insider buying/selling activity
- Analyst upgrades/downgrades
- Twitter/X "hearing that...", "sources say..." detection
🎯 Impact Scoring — Rumors ranked by potential market impact

What's in v6.1

🔥 Hot Scanner — Find viral stocks & crypto across multiple sources
🐦 Twitter/X Integration — Social sentiment via bird CLI
📰 Multi-Source Aggregation — CoinGecko, Google News, Yahoo Finance
⏰ Cron Support — Daily trend reports

What's in v6.0

🆕 Watchlist + Alerts — Price targets, stop losses, signal changes
🆕 Dividend Analysis — Yield, payout ratio, growth, safety score
🆕 Fast Mode — --fast skips slow analyses (insider, news)
🆕 Improved Performance — --no-insider for faster runs

Quick Commands

Stock Analysis

# Basic analysis
uv run {baseDir}/scripts/analyze_stock.py AAPL

# Fast mode (skips insider trading & breaking news)
uv run {baseDir}/scripts/analyze_stock.py AAPL --fast

# Compare multiple
uv run {baseDir}/scripts/analyze_stock.py AAPL MSFT GOOGL

# Crypto
uv run {baseDir}/scripts/analyze_stock.py BTC-USD ETH-USD

Dividend Analysis (NEW v6.0)

# Analyze dividends
uv run {baseDir}/scripts/dividends.py JNJ

# Compare dividend stocks
uv run {baseDir}/scripts/dividends.py JNJ PG KO MCD --output json

Dividend Metrics:

Dividend Yield & Annual Payout
Payout Ratio (safe/moderate/high/unsustainable)
5-Year Dividend Growth (CAGR)
Consecutive Years of Increases
Safety Score (0-100)
Income Rating (excellent/good/moderate/poor)

Watchlist + Alerts (NEW v6.0)

# Add to watchlist
uv run {baseDir}/scripts/watchlist.py add AAPL

# With price target alert
uv run {baseDir}/scripts/watchlist.py add AAPL --target 200

# With stop loss alert
uv run {baseDir}/scripts/watchlist.py add AAPL --stop 150

# Alert on signal change (BUY→SELL)
uv run {baseDir}/scripts/watchlist.py add AAPL --alert-on signal

# View watchlist
uv run {baseDir}/scripts/watchlist.py list

# Check for triggered alerts
uv run {baseDir}/scripts/watchlist.py check
uv run {baseDir}/scripts/watchlist.py check --notify  # Telegram format

# Remove from watchlist
uv run {baseDir}/scripts/watchlist.py remove AAPL

Alert Types:

🎯 Target Hit — Price >= target
🛑 Stop Hit — Price <= stop
📊 Signal Change — BUY/HOLD/SELL changed

Portfolio Management

# Create portfolio
uv run {baseDir}/scripts/portfolio.py create "Tech Portfolio"

# Add assets
uv run {baseDir}/scripts/portfolio.py add AAPL --quantity 100 --cost 150
uv run {baseDir}/scripts/portfolio.py add BTC-USD --quantity 0.5 --cost 40000

# View portfolio
uv run {baseDir}/scripts/portfolio.py show

# Analyze with period returns
uv run {baseDir}/scripts/analyze_stock.py --portfolio "Tech Portfolio" --period weekly

🔥 Hot Scanner (NEW v6.1)

# Full scan - find what's trending NOW
python3 {baseDir}/scripts/hot_scanner.py

# Fast scan (skip social media)
python3 {baseDir}/scripts/hot_scanner.py --no-social

# JSON output for automation
python3 {baseDir}/scripts/hot_scanner.py --json

Data Sources:

📊 CoinGecko Trending — Top 15 trending coins
📈 CoinGecko Movers — Biggest gainers/losers
📰 Google News — Finance & crypto headlines
📉 Yahoo Finance — Gainers, losers, most active
🐦 Twitter/X — Social sentiment (requires auth)

Output:

Top trending by mention count
Crypto highlights with 24h changes
Stock movers by category
Breaking news with tickers

Twitter Setup (Optional):

Install bird: npm install -g @steipete/bird
Login to x.com in Safari/Chrome
Create .env with AUTH_TOKEN and CT0

🔮 Rumor Scanner (NEW v6.2)

# Find early signals, M&A rumors, insider activity
python3 {baseDir}/scripts/rumor_scanner.py

What it finds:

🏢 M&A Rumors — Merger, acquisition, takeover bids
👔 Insider Activity — CEO/Director buying/selling
📊 Analyst Actions — Upgrades, downgrades, price target changes
🐦 Twitter Whispers — "hearing that...", "sources say...", "rumor"
⚖️ SEC Activity — Investigations, filings

Impact Scoring:

Each rumor is scored by potential market impact (1-10)
M&A/Takeover: +5 points
Insider buying: +4 points
Upgrade/Downgrade: +3 points
"Hearing"/"Sources say": +2 points
High engagement: +2 bonus

Best Practice: Run at 07:00 before US market open to catch pre-market signals.

Analysis Dimensions (8 for stocks, 3 for crypto)

Stocks

Dimension	Weight	Description
Earnings Surprise	30%	EPS beat/miss
Fundamentals	20%	P/E, margins, growth
Analyst Sentiment	20%	Ratings, price targets
Historical	10%	Past earnings reactions
Market Context	10%	VIX, SPY/QQQ trends
Sector	15%	Relative strength
Momentum	15%	RSI, 52-week range
Sentiment	10%	Fear/Greed, shorts, insiders

Crypto

Market Cap & Category
BTC Correlation (30-day)
Momentum (RSI, range)

Sentiment Sub-Indicators

Indicator	Source	Signal
Fear & Greed	CNN	Contrarian (fear=buy)
Short Interest	Yahoo	Squeeze potential
VIX Structure	Futures	Stress detection
Insider Trades	SEC EDGAR	Smart money
Put/Call Ratio	Options	Sentiment extreme

Risk Detection

⚠️ Pre-Earnings — Warns if < 14 days to earnings
⚠️ Post-Spike — Flags if up >15% in 5 days
⚠️ Overbought — RSI >70 + near 52w high
⚠️ Risk-Off — GLD/TLT/UUP rising together
⚠️ Geopolitical — Taiwan, China, Russia, Middle East keywords
⚠️ Breaking News — Crisis keywords in last 24h

Performance Options

Flag	Effect	Speed
(default)	Full analysis	5-10s
`--no-insider`	Skip SEC EDGAR	3-5s
`--fast`	Skip insider + news	2-3s

Supported Cryptos (Top 20)

BTC, ETH, BNB, SOL, XRP, ADA, DOGE, AVAX, DOT, MATIC, LINK, ATOM, UNI, LTC, BCH, XLM, ALGO, VET, FIL, NEAR

(Use -USD suffix: BTC-USD, ETH-USD)

Data Storage

File	Location
Portfolios	`~/.clawdbot/skills/stock-analysis/portfolios.json`
Watchlist	`~/.clawdbot/skills/stock-analysis/watchlist.json`

Limitations

Yahoo Finance may lag 15-20 minutes
Short interest lags ~2 weeks (FINRA)
Insider trades lag 2-3 days (SEC filing)
US markets only (non-US incomplete)
Breaking news: 1h cache, keyword-based

Disclaimer

⚠️ NOT FINANCIAL ADVICE. For informational purposes only. Consult a licensed financial advisor before making investment decisions.

Comments

Loading comments...