ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Stock Analysis 6.2.0

v1.0.0

Analyze stocks and cryptocurrencies using Yahoo Finance data. Supports portfolio management, watchlists with alerts, dividend analysis, 8-dimension stock scoring, viral trend detection (Hot Scanner), and rumor/early signal detection. Use for stock analysis, portfolio tracking, earnings reactions, crypto monitoring, trending stocks, or finding rumors before they hit mainstream.

0· 1.1k·21 current·28 all-time
by@squally2k·duplicate of @sunerw-dev/stock-analysis-6

Install

OpenClaw Prompt Flow

Install with OpenClaw

Best for remote or guided setup. Copy the exact prompt, then paste it into OpenClaw for squally2k/stock-analysis-6-2-0.

Previewing Install & Setup.
Prompt PreviewInstall & Setup
Install the skill "Stock Analysis 6.2.0" (squally2k/stock-analysis-6-2-0) from ClawHub.
Skill page: https://clawhub.ai/squally2k/stock-analysis-6-2-0
Keep the work scoped to this skill only.
After install, inspect the skill metadata and help me finish setup.
Required binaries: uv
Use only the metadata you can verify from ClawHub; do not invent missing requirements.
Ask before making any broader environment changes.

Command Line

CLI Commands

Use the direct CLI path if you want to install manually and keep every step visible.

OpenClaw CLI

Bare skill slug

openclaw skills install stock-analysis-6-2-0

ClawHub CLI

Package manager switcher

npx clawhub@latest install stock-analysis-6-2-0
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Suspicious
medium confidence
!
Purpose & Capability
The skill's name and code (Python scripts for analysis, hot/rumor scanners, portfolios, watchlists) align with the stated purpose. However, the SKILL metadata only declares a dependency on the 'uv' binary while the documentation/runtime instructions expect additional tooling (bird CLI / npm or brew-installed) and Twitter auth tokens. Those extra requirements are not declared in the manifest, creating a mismatch between claimed requirements and actual operational needs.
!
Instruction Scope
SKILL.md and the docs instruct the operator to extract Twitter/X authentication cookies (auth_token and ct0) from the browser and to 'Grant Terminal Full Disk Access' to read them, and to put them into a .env or environment variables. This directs users to access and move sensitive browser credentials and to elevate system permissions — actions outside the reasonable scope of a stock-analysis tool. The docs also instruct installing the bird CLI (npm/brew) but that's not declared in the install metadata. The instructions also include cron automation and local storage paths (e.g., ~/.clawdbot/skills/stock-analysis/) which are expected but should be made explicit and permissioned carefully.
Install Mechanism
The declared install spec is a single brew formula (uv), which is low-risk. The repository includes local Python scripts (no remote downloads in install spec). However, the docs recommend installing an additional third-party CLI (bird) via npm/brew but that is not part of the install spec. There are no downloads from unknown personal servers in the install metadata, which is good, but the inconsistency (missing tooling in install metadata) is noteworthy.
!
Credentials
The registry metadata declares no required env vars, but the runtime docs explicitly instruct creating a .env or exporting AUTH_TOKEN and CT0 (Twitter cookies) and potentially other tokens for Telegram/notifications. Asking users to export browser cookie tokens (and to grant Full Disk Access to retrieve them) is disproportionate for a third-party skill and increases risk of credential theft or accidental exfiltration. Other storage locations (portfolios/watchlist under ~/.clawdbot/skills/stock-analysis/) are reasonable, but sensitive tokens stored in plaintext .env files should be flagged.
!
Persistence & Privilege
The skill does not request always:true and behaves like a normal, user-invocable skill. However, the documentation's recommendation to grant Terminal 'Full Disk Access' to extract browser cookies elevates system privilege requirements outside the skill's domain. Combined with instructions to store auth tokens locally and to run cron jobs, this creates a higher persistence/privilege risk than the manifest indicates.
What to consider before installing
This skill appears to be a legitimate stock/crypto analysis tool, but there are concerning mismatches between what the manifest declares and what the runtime docs instruct: - The SKILL metadata only lists 'uv' as a binary, yet the Hot Scanner/Twitter integration requires the third-party bird CLI (npm/brew) and manual extraction of Twitter cookie tokens (AUTH_TOKEN and CT0). The manifest should declare those dependencies and any required env vars. - The docs explicitly instruct users to extract browser cookies and to 'Grant Terminal Full Disk Access' so cookies can be read. Do NOT grant Full Disk Access or broadly elevate privileges just to make a skill work. That practice exposes all browser data and is high-risk. - Storing auth tokens in plaintext .env files is fragile. If you want Twitter/X data, prefer using official API keys (from a developer app) with limited scopes, not browser cookie harvesting. Before installing or using this skill consider these steps: 1. Inspect the Python scripts (they are included) for any network calls to unexpected domains or hard-coded endpoints. Verify all outgoing endpoints are legitimate (Yahoo, CoinGecko, Google News, SEC, etc.). 2. If you need Twitter/X data, create a controlled API credential (developer app) and provide only those keys; avoid using browser cookies. Ask the maintainer to support official API keys and to document required env vars in the manifest. 3. Do not grant Terminal Full Disk Access. If the bird CLI truly requires browser cookies, reject that approach or run the scanner in a tightly controlled sandbox/VM isolated from personal data. 4. Keep .env files and any saved tokens in a secure location with limited file permissions; consider using platform secure storage instead of plaintext files. 5. Because the skill's manifest omits required tooling and env vars, prefer running it in an isolated environment (container or VM) and review the code's network behavior while executing (or run tests) before granting any elevated host permissions. Given the privileged instructions around cookie extraction and undeclared dependencies, treat this skill as suspicious until those inconsistencies are reconciled by the author (declare bird and required env vars in metadata, remove cookie-harvesting instructions, or switch to official API keys).

Like a lobster shell, security has layers — review code before you run it.

Runtime requirements

📈 Clawdis
Binsuv

Install

Install uv (brew)
Bins: uv
brew install uv
latestvk976sabjw2vvf1nw7dcg130089813gg8
1.1kdownloads
0stars
1versions
Updated 14h ago
v1.0.0
MIT-0
@squally2k
latest
Download

Stock Analysis v6.1

Analyze US stocks and cryptocurrencies with 8-dimension analysis, portfolio management, watchlists, alerts, dividend analysis, and viral trend detection.

What's New in v6.2

  • 🔮 Rumor Scanner — Early signals before mainstream news
    • M&A rumors and takeover bids
    • Insider buying/selling activity
    • Analyst upgrades/downgrades
    • Twitter/X "hearing that...", "sources say..." detection
  • 🎯 Impact Scoring — Rumors ranked by potential market impact

What's in v6.1

  • 🔥 Hot Scanner — Find viral stocks & crypto across multiple sources
  • 🐦 Twitter/X Integration — Social sentiment via bird CLI
  • 📰 Multi-Source Aggregation — CoinGecko, Google News, Yahoo Finance
  • Cron Support — Daily trend reports

What's in v6.0

  • 🆕 Watchlist + Alerts — Price targets, stop losses, signal changes
  • 🆕 Dividend Analysis — Yield, payout ratio, growth, safety score
  • 🆕 Fast Mode--fast skips slow analyses (insider, news)
  • 🆕 Improved Performance--no-insider for faster runs

Quick Commands

Stock Analysis

# Basic analysis
uv run {baseDir}/scripts/analyze_stock.py AAPL

# Fast mode (skips insider trading & breaking news)
uv run {baseDir}/scripts/analyze_stock.py AAPL --fast

# Compare multiple
uv run {baseDir}/scripts/analyze_stock.py AAPL MSFT GOOGL

# Crypto
uv run {baseDir}/scripts/analyze_stock.py BTC-USD ETH-USD

Dividend Analysis (NEW v6.0)

# Analyze dividends
uv run {baseDir}/scripts/dividends.py JNJ

# Compare dividend stocks
uv run {baseDir}/scripts/dividends.py JNJ PG KO MCD --output json

Dividend Metrics:

  • Dividend Yield & Annual Payout
  • Payout Ratio (safe/moderate/high/unsustainable)
  • 5-Year Dividend Growth (CAGR)
  • Consecutive Years of Increases
  • Safety Score (0-100)
  • Income Rating (excellent/good/moderate/poor)

Watchlist + Alerts (NEW v6.0)

# Add to watchlist
uv run {baseDir}/scripts/watchlist.py add AAPL

# With price target alert
uv run {baseDir}/scripts/watchlist.py add AAPL --target 200

# With stop loss alert
uv run {baseDir}/scripts/watchlist.py add AAPL --stop 150

# Alert on signal change (BUY→SELL)
uv run {baseDir}/scripts/watchlist.py add AAPL --alert-on signal

# View watchlist
uv run {baseDir}/scripts/watchlist.py list

# Check for triggered alerts
uv run {baseDir}/scripts/watchlist.py check
uv run {baseDir}/scripts/watchlist.py check --notify  # Telegram format

# Remove from watchlist
uv run {baseDir}/scripts/watchlist.py remove AAPL

Alert Types:

  • 🎯 Target Hit — Price >= target
  • 🛑 Stop Hit — Price <= stop
  • 📊 Signal Change — BUY/HOLD/SELL changed

Portfolio Management

# Create portfolio
uv run {baseDir}/scripts/portfolio.py create "Tech Portfolio"

# Add assets
uv run {baseDir}/scripts/portfolio.py add AAPL --quantity 100 --cost 150
uv run {baseDir}/scripts/portfolio.py add BTC-USD --quantity 0.5 --cost 40000

# View portfolio
uv run {baseDir}/scripts/portfolio.py show

# Analyze with period returns
uv run {baseDir}/scripts/analyze_stock.py --portfolio "Tech Portfolio" --period weekly

🔥 Hot Scanner (NEW v6.1)

# Full scan - find what's trending NOW
python3 {baseDir}/scripts/hot_scanner.py

# Fast scan (skip social media)
python3 {baseDir}/scripts/hot_scanner.py --no-social

# JSON output for automation
python3 {baseDir}/scripts/hot_scanner.py --json

Data Sources:

  • 📊 CoinGecko Trending — Top 15 trending coins
  • 📈 CoinGecko Movers — Biggest gainers/losers
  • 📰 Google News — Finance & crypto headlines
  • 📉 Yahoo Finance — Gainers, losers, most active
  • 🐦 Twitter/X — Social sentiment (requires auth)

Output:

  • Top trending by mention count
  • Crypto highlights with 24h changes
  • Stock movers by category
  • Breaking news with tickers

Twitter Setup (Optional):

  1. Install bird: npm install -g @steipete/bird
  2. Login to x.com in Safari/Chrome
  3. Create .env with AUTH_TOKEN and CT0

🔮 Rumor Scanner (NEW v6.2)

# Find early signals, M&A rumors, insider activity
python3 {baseDir}/scripts/rumor_scanner.py

What it finds:

  • 🏢 M&A Rumors — Merger, acquisition, takeover bids
  • 👔 Insider Activity — CEO/Director buying/selling
  • 📊 Analyst Actions — Upgrades, downgrades, price target changes
  • 🐦 Twitter Whispers — "hearing that...", "sources say...", "rumor"
  • ⚖️ SEC Activity — Investigations, filings

Impact Scoring:

  • Each rumor is scored by potential market impact (1-10)
  • M&A/Takeover: +5 points
  • Insider buying: +4 points
  • Upgrade/Downgrade: +3 points
  • "Hearing"/"Sources say": +2 points
  • High engagement: +2 bonus

Best Practice: Run at 07:00 before US market open to catch pre-market signals.

Analysis Dimensions (8 for stocks, 3 for crypto)

Stocks

DimensionWeightDescription
Earnings Surprise30%EPS beat/miss
Fundamentals20%P/E, margins, growth
Analyst Sentiment20%Ratings, price targets
Historical10%Past earnings reactions
Market Context10%VIX, SPY/QQQ trends
Sector15%Relative strength
Momentum15%RSI, 52-week range
Sentiment10%Fear/Greed, shorts, insiders

Crypto

  • Market Cap & Category
  • BTC Correlation (30-day)
  • Momentum (RSI, range)

Sentiment Sub-Indicators

IndicatorSourceSignal
Fear & GreedCNNContrarian (fear=buy)
Short InterestYahooSqueeze potential
VIX StructureFuturesStress detection
Insider TradesSEC EDGARSmart money
Put/Call RatioOptionsSentiment extreme

Risk Detection

  • ⚠️ Pre-Earnings — Warns if < 14 days to earnings
  • ⚠️ Post-Spike — Flags if up >15% in 5 days
  • ⚠️ Overbought — RSI >70 + near 52w high
  • ⚠️ Risk-Off — GLD/TLT/UUP rising together
  • ⚠️ Geopolitical — Taiwan, China, Russia, Middle East keywords
  • ⚠️ Breaking News — Crisis keywords in last 24h

Performance Options

FlagEffectSpeed
(default)Full analysis5-10s
--no-insiderSkip SEC EDGAR3-5s
--fastSkip insider + news2-3s

Supported Cryptos (Top 20)

BTC, ETH, BNB, SOL, XRP, ADA, DOGE, AVAX, DOT, MATIC, LINK, ATOM, UNI, LTC, BCH, XLM, ALGO, VET, FIL, NEAR

(Use -USD suffix: BTC-USD, ETH-USD)

Data Storage

FileLocation
Portfolios~/.clawdbot/skills/stock-analysis/portfolios.json
Watchlist~/.clawdbot/skills/stock-analysis/watchlist.json

Limitations

  • Yahoo Finance may lag 15-20 minutes
  • Short interest lags ~2 weeks (FINRA)
  • Insider trades lag 2-3 days (SEC filing)
  • US markets only (non-US incomplete)
  • Breaking news: 1h cache, keyword-based

Disclaimer

⚠️ NOT FINANCIAL ADVICE. For informational purposes only. Consult a licensed financial advisor before making investment decisions.

Comments

Loading comments...