Openbb Terminal

Security checks across malware telemetry and agentic risk

Overview

This finance skill mostly matches market-data and backtesting use, but it also includes potential broker/order execution without clear live-trading safeguards or credential boundaries.

Install only if you want financial-data, ZVT/OpenBB-style analysis, or backtesting assistance. Keep workflows in analysis or paper-trading mode unless you deliberately configure live trading, and do not provide broker credentials or approve order execution without a clear preview, limits, and confirmation.

VirusTotal

64/64 vendors flagged this skill as clean.

Risk analysis

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

ASI02: Tool Misuse and Exploitation
High
What this means

If connected to a broker or trading API, the agent could generate or execute actions that affect the user's investments or account balances.

Why it was flagged

The skill includes trading execution and explicit buy/sell order sequencing, but the artifacts do not define paper-trading defaults, per-order user approval, trade limits, broker scope, or rollback/containment.

Skill content

`data_collection -> data_storage -> factor_computation -> target_selection -> trading_execution -> visualization`; `SL-01` Execute sell orders before buy orders in every trading cycle

Recommendation

Use this skill only for data analysis and backtesting unless live trading is explicitly intended; require order previews, manual confirmation, paper mode by default, and hard trade-size/account limits.

ASI03: Identity and Privilege Abuse
Medium
What this means

Using paid data or broker providers may expose account credentials or grant access to financial services if the user supplies them.

Why it was flagged

The skill anticipates paid data-provider accounts and a broker integration, which may require sensitive credentials or account access, but it does not describe credential scope or handling.

Skill content

Data source / provider: eastmoney (free, no account), joinquant (account+paid), baostock (free, good history), akshare, or qmt (broker)?

Recommendation

Provide only the minimum necessary credentials, prefer environment variables or provider-managed config, and do not grant broker access unless you intend to use live trading features.

ASI04: Agentic Supply Chain Vulnerabilities
Low
What this means

Installing the dependency runs third-party code in the user's Python environment.

Why it was flagged

The skill's setup guidance relies on installing and running an external Python package, which is expected for this workflow but is not represented in a formal install spec or pinned dependency list.

Skill content

PC-01: `python3 -c 'import zvt; print(zvt.__version__)'` → on_fail: Run: `python3 -m pip install zvt` then re-run: `python3 -m zvt.init_dirs`

Recommendation

Install ZVT manually from a trusted source, consider using a virtual environment, and pin/verify the package version before use.