Stock Analysis
Analyze stocks and cryptocurrencies using Yahoo Finance data. Supports portfolio management, watchlists with alerts, dividend analysis, 8-dimension stock scoring, viral trend detection (Hot Scanner), and rumor/early signal detection. Use for stock analysis, portfolio tracking, earnings reactions, crypto monitoring, trending stocks, or finding rumors before they hit mainstream.
MIT-0 · Free to use, modify, and redistribute. No attribution required.
⭐ 186 · 38.4k · 406 current installs · 430 all-time installs
MIT-0
Security Scan
OpenClaw
Suspicious
high confidencePurpose & Capability
The skill claims to be a Python-based stock/crypto analyzer, and most commands in SKILL.md run Python scripts (python3 scripts/*.py). Yet metadata requires a binary named 'uv' and the install spec installs a brew formula 'uv'. Requiring only 'uv' (and not declaring python3) is disproportionate and inconsistent with the provided scripts. The skill also documents optional Twitter integration that asks for browser cookie tokens — that capability (accessing browser cookies) is not reflected in requires.env or required config paths.
Instruction Scope
SKILL.md and docs instruct the user to extract Twitter/X tokens from browser DevTools and explicitly tell macOS users to 'Grant Terminal Full Disk Access' to allow the bird CLI to work. Asking users to extract cookies and give Terminal Full Disk Access is excessive for a typical data-aggregation skill and introduces a high-risk path for credential exposure. The docs also suggest cron jobs and store portfolio/watchlist JSON files in the user's home directory (~/.clawdbot/...), which is expected but should have been declared.
Install Mechanism
The only install mechanism is a brew formula 'uv'. Installing via brew is lower risk than downloading arbitrary archives, but 'uv' is an unexpected dependency for a Python project and the brew formula source/tap is not specified. The install creates a binary named 'uv' — verify the formula origin before installing. There is no install step for Python dependencies (requirements.txt), yet the codebase is Python-heavy.
Credentials
requires.env is empty in the registry metadata, but the docs repeatedly reference environment variables and a .env file (AUTH_TOKEN, CT0) for Twitter/X integration and instruct creating .env in the skill directory. Those sensitive tokens are not declared as required credentials. The skill also refers to an SEC identity in TODOs and instructs writing files under ~/.clawdbot — the set of requested/used secrets and paths is under-specified and therefore disproportionate to the declared requirements.
Persistence & Privilege
The skill does not request 'always: true' and does not modify other skills. It writes state to ~/.clawdbot/skills/stock-analysis (portfolios.json, watchlist.json) which is reasonable for a portfolio tool but is not declared in required config paths. The bigger persistence risk is the documentation guidance to store tokens in a local .env and to grant Terminal Full Disk Access — these increase attack surface if present on a machine.
What to consider before installing
Key things to check before installing or using this skill:
- Do NOT grant Terminal/Terminal.app 'Full Disk Access' or otherwise give broad OS permissions simply to run this skill. That instruction in the docs is unnecessary for most setups and creates a large security risk.
- Twitter/X integration guidance asks you to extract browser cookies (AUTH_TOKEN, CT0) and store them in a local .env. Extracting cookies and storing them as plain tokens can leak credentials; prefer creating tokens via an official API/developer app and avoid copying browser cookies. If you must use social features, create limited-scope API credentials, store them in a secure secrets manager, and avoid Full Disk Access.
- The metadata requires a binary 'uv' (installed via brew) but the codebase runs many python3 scripts. Investigate the 'uv' package/formula: who maintains it, what it does, and why this project needs it. Do not run unknown brew taps or formulas without verifying origin.
- Confirm python3 and any Python dependencies (requirements.txt) are installed in a contained environment (virtualenv/venv) before running scripts. Consider running the skill inside an isolated VM/container if you will test it.
- Review the scripts (especially hot_scanner.py, rumor_scanner.py) for any unexpected network endpoints, hard-coded URLs, or calls that could exfiltrate data beyond the documented sources (Yahoo, Google News, CoinGecko, SEC EDGAR, Twitter). Search for code that sends data to unknown domains or uses unusual upload endpoints.
- Be cautious with cron automation and the suggested Daily Hot Scanner cron job: running automated network scraping frequently can reveal credentials and amplify risk if tokens are present in environment files.
- If you need the watchlist/portfolio features, examine and back up the JSON files stored under ~/.clawdbot/skills/stock-analysis and consider limiting filesystem permissions.
If you want, I can:
- Identify and summarize all places in the repository that read environment variables, read browser files, or make outbound network calls.
- Inspect the 'uv' brew formula (if you provide its source or link) and the exact Python third-party dependencies to assess risk further.Like a lobster shell, security has layers — review code before you run it.
Current versionv6.2.0
Download ziplatest
License
MIT-0
Free to use, modify, and redistribute. No attribution required.
Runtime requirements
📈 Clawdis
Binsuv
Install
Install uv (brew)
Bins: uv
brew install uvSKILL.md
Stock Analysis v6.1
Analyze US stocks and cryptocurrencies with 8-dimension analysis, portfolio management, watchlists, alerts, dividend analysis, and viral trend detection.
What's New in v6.2
- 🔮 Rumor Scanner — Early signals before mainstream news
- M&A rumors and takeover bids
- Insider buying/selling activity
- Analyst upgrades/downgrades
- Twitter/X "hearing that...", "sources say..." detection
- 🎯 Impact Scoring — Rumors ranked by potential market impact
What's in v6.1
- 🔥 Hot Scanner — Find viral stocks & crypto across multiple sources
- 🐦 Twitter/X Integration — Social sentiment via bird CLI
- 📰 Multi-Source Aggregation — CoinGecko, Google News, Yahoo Finance
- ⏰ Cron Support — Daily trend reports
What's in v6.0
- 🆕 Watchlist + Alerts — Price targets, stop losses, signal changes
- 🆕 Dividend Analysis — Yield, payout ratio, growth, safety score
- 🆕 Fast Mode —
--fastskips slow analyses (insider, news) - 🆕 Improved Performance —
--no-insiderfor faster runs
Quick Commands
Stock Analysis
# Basic analysis
uv run {baseDir}/scripts/analyze_stock.py AAPL
# Fast mode (skips insider trading & breaking news)
uv run {baseDir}/scripts/analyze_stock.py AAPL --fast
# Compare multiple
uv run {baseDir}/scripts/analyze_stock.py AAPL MSFT GOOGL
# Crypto
uv run {baseDir}/scripts/analyze_stock.py BTC-USD ETH-USD
Dividend Analysis (NEW v6.0)
# Analyze dividends
uv run {baseDir}/scripts/dividends.py JNJ
# Compare dividend stocks
uv run {baseDir}/scripts/dividends.py JNJ PG KO MCD --output json
Dividend Metrics:
- Dividend Yield & Annual Payout
- Payout Ratio (safe/moderate/high/unsustainable)
- 5-Year Dividend Growth (CAGR)
- Consecutive Years of Increases
- Safety Score (0-100)
- Income Rating (excellent/good/moderate/poor)
Watchlist + Alerts (NEW v6.0)
# Add to watchlist
uv run {baseDir}/scripts/watchlist.py add AAPL
# With price target alert
uv run {baseDir}/scripts/watchlist.py add AAPL --target 200
# With stop loss alert
uv run {baseDir}/scripts/watchlist.py add AAPL --stop 150
# Alert on signal change (BUY→SELL)
uv run {baseDir}/scripts/watchlist.py add AAPL --alert-on signal
# View watchlist
uv run {baseDir}/scripts/watchlist.py list
# Check for triggered alerts
uv run {baseDir}/scripts/watchlist.py check
uv run {baseDir}/scripts/watchlist.py check --notify # Telegram format
# Remove from watchlist
uv run {baseDir}/scripts/watchlist.py remove AAPL
Alert Types:
- 🎯 Target Hit — Price >= target
- 🛑 Stop Hit — Price <= stop
- 📊 Signal Change — BUY/HOLD/SELL changed
Portfolio Management
# Create portfolio
uv run {baseDir}/scripts/portfolio.py create "Tech Portfolio"
# Add assets
uv run {baseDir}/scripts/portfolio.py add AAPL --quantity 100 --cost 150
uv run {baseDir}/scripts/portfolio.py add BTC-USD --quantity 0.5 --cost 40000
# View portfolio
uv run {baseDir}/scripts/portfolio.py show
# Analyze with period returns
uv run {baseDir}/scripts/analyze_stock.py --portfolio "Tech Portfolio" --period weekly
🔥 Hot Scanner (NEW v6.1)
# Full scan - find what's trending NOW
python3 {baseDir}/scripts/hot_scanner.py
# Fast scan (skip social media)
python3 {baseDir}/scripts/hot_scanner.py --no-social
# JSON output for automation
python3 {baseDir}/scripts/hot_scanner.py --json
Data Sources:
- 📊 CoinGecko Trending — Top 15 trending coins
- 📈 CoinGecko Movers — Biggest gainers/losers
- 📰 Google News — Finance & crypto headlines
- 📉 Yahoo Finance — Gainers, losers, most active
- 🐦 Twitter/X — Social sentiment (requires auth)
Output:
- Top trending by mention count
- Crypto highlights with 24h changes
- Stock movers by category
- Breaking news with tickers
Twitter Setup (Optional):
- Install bird:
npm install -g @steipete/bird - Login to x.com in Safari/Chrome
- Create
.envwithAUTH_TOKENandCT0
🔮 Rumor Scanner (NEW v6.2)
# Find early signals, M&A rumors, insider activity
python3 {baseDir}/scripts/rumor_scanner.py
What it finds:
- 🏢 M&A Rumors — Merger, acquisition, takeover bids
- 👔 Insider Activity — CEO/Director buying/selling
- 📊 Analyst Actions — Upgrades, downgrades, price target changes
- 🐦 Twitter Whispers — "hearing that...", "sources say...", "rumor"
- ⚖️ SEC Activity — Investigations, filings
Impact Scoring:
- Each rumor is scored by potential market impact (1-10)
- M&A/Takeover: +5 points
- Insider buying: +4 points
- Upgrade/Downgrade: +3 points
- "Hearing"/"Sources say": +2 points
- High engagement: +2 bonus
Best Practice: Run at 07:00 before US market open to catch pre-market signals.
Analysis Dimensions (8 for stocks, 3 for crypto)
Stocks
| Dimension | Weight | Description |
|---|---|---|
| Earnings Surprise | 30% | EPS beat/miss |
| Fundamentals | 20% | P/E, margins, growth |
| Analyst Sentiment | 20% | Ratings, price targets |
| Historical | 10% | Past earnings reactions |
| Market Context | 10% | VIX, SPY/QQQ trends |
| Sector | 15% | Relative strength |
| Momentum | 15% | RSI, 52-week range |
| Sentiment | 10% | Fear/Greed, shorts, insiders |
Crypto
- Market Cap & Category
- BTC Correlation (30-day)
- Momentum (RSI, range)
Sentiment Sub-Indicators
| Indicator | Source | Signal |
|---|---|---|
| Fear & Greed | CNN | Contrarian (fear=buy) |
| Short Interest | Yahoo | Squeeze potential |
| VIX Structure | Futures | Stress detection |
| Insider Trades | SEC EDGAR | Smart money |
| Put/Call Ratio | Options | Sentiment extreme |
Risk Detection
- ⚠️ Pre-Earnings — Warns if < 14 days to earnings
- ⚠️ Post-Spike — Flags if up >15% in 5 days
- ⚠️ Overbought — RSI >70 + near 52w high
- ⚠️ Risk-Off — GLD/TLT/UUP rising together
- ⚠️ Geopolitical — Taiwan, China, Russia, Middle East keywords
- ⚠️ Breaking News — Crisis keywords in last 24h
Performance Options
| Flag | Effect | Speed |
|---|---|---|
| (default) | Full analysis | 5-10s |
--no-insider | Skip SEC EDGAR | 3-5s |
--fast | Skip insider + news | 2-3s |
Supported Cryptos (Top 20)
BTC, ETH, BNB, SOL, XRP, ADA, DOGE, AVAX, DOT, MATIC, LINK, ATOM, UNI, LTC, BCH, XLM, ALGO, VET, FIL, NEAR
(Use -USD suffix: BTC-USD, ETH-USD)
Data Storage
| File | Location |
|---|---|
| Portfolios | ~/.clawdbot/skills/stock-analysis/portfolios.json |
| Watchlist | ~/.clawdbot/skills/stock-analysis/watchlist.json |
Limitations
- Yahoo Finance may lag 15-20 minutes
- Short interest lags ~2 weeks (FINRA)
- Insider trades lag 2-3 days (SEC filing)
- US markets only (non-US incomplete)
- Breaking news: 1h cache, keyword-based
Disclaimer
⚠️ NOT FINANCIAL ADVICE. For informational purposes only. Consult a licensed financial advisor before making investment decisions.
Files
16 totalSelect a file
Select a file to preview.
Comments
Loading comments…