ClawHub

TVFetch

v1.0.0

Fetch TradingView market data — historical OHLCV bars, live price streams, symbol search, technical indicators, and statistical analysis for any symbol (stoc...

0· 58·0 current·0 all-time
byTarun Khatri@tarun-khatri
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
Capability signals
CryptoRequires OAuth token
These labels describe what authority the skill may exercise. They are separate from suspicious or malicious moderation verdicts.
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description (TradingView OHLCV, streaming, indicators) lines up with included Python library and CLI scripts (fetch.py, stream.py, search.py, indicators, analyzers). Optional auth token, cache, and fallback behavior are plausible for this functionality.
Instruction Scope
SKILL.md directs the agent to run bundled Python scripts, check and write config under ~/.tvfetch, and optionally install the package from the skill directory (pip install -e ${CLAUDE_SKILL_DIR}). It also instructs how to obtain a TradingView auth_token via browser DevTools (document.cookie) which is sensitive but logically tied to increasing intraday limits. The instructions read/write only the skill's config paths and .env files (and may consult keyring), which is within scope for this skill.
Install Mechanism
There is no platform install spec, but SKILL.md recommends pip install -e from the skill directory to enable the library. Installing local Python code is expected to enable the CLI and modules, but note that pip installing editable code will write/execute package metadata on the host — review code before installing or install in an isolated environment.
Credentials
The skill does not require environment variables by default. It supports an optional TV_AUTH_TOKEN (CLI/ENV/.env/keyring) to increase bar limits, and optional TVFETCH_CACHE_PATH/TVFETCH_PROXY. Access to a single service token and local cache path is proportional to the stated functionality. The config will check keyring and .env files for a token — this is reasonable but users should be aware any token stored is a TradingView auth cookie (sensitive).
Persistence & Privilege
always:false and user-invocable:true. A SessionStart hook runs a non-blocking check-config.sh which prints warnings and may create ~/.tvfetch — this is limited scope and does not alter other skills or system-wide settings. The skill writes/reads only its own config/cache paths.
Assessment
This skill appears to be what it claims: a reverse-engineered TradingView fetcher with helpful CLI scripts. Before installing or running: 1) Review the included Python code if you can, or run in an isolated virtualenv/container to avoid contaminating your system Python. 2) Be cautious with the optional TV_AUTH_TOKEN — the skill advises copying a JWT from your browser; treat that token like a password and only save it if you trust the code and environment (it will be stored in ~/.tvfetch/.env or keyring). 3) The skill may install dependencies (websocket-client, httpx, pandas, etc.) if you choose to pip install; prefer virtualenv. 4) If you prefer not to expose your TradingView account token, use anonymous mode (default) understanding intraday bar limits. 5) If you want extra assurance, run the scripts in mock mode or inspect network connections the library makes (it targets data.tradingview.com), and avoid running pip install -e unless you reviewed the repository.

Like a lobster shell, security has layers — review code before you run it.

latestvk97a952a5yd227n0c4rkyg49xn84ec5q

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments