ClawHub
Back to skill
v1.0.0

Stock Analyzer

ReviewClawScan verdict for this skill. Analyzed May 1, 2026, 7:29 AM.

Analysis

Review recommended because the stock-analysis function is coherent, but the skill says it is not investment advice while also producing buy/hold-style recommendations.

GuidanceBefore installing, decide whether you are comfortable with a tool that may generate buy/hold-style financial recommendations despite disclaimers. Treat outputs as educational analysis only, verify data independently, and install the Python dependencies in a trusted, isolated environment.

Findings (2)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

Abnormal behavior control

Checks for instructions or behavior that redirect the agent, misuse tools, execute unexpected code, cascade across systems, exploit user trust, or continue outside the intended task.

Human-Agent Trust Exploitation
SeverityMediumConfidenceHighStatusConcern
SKILL.md
## 建议
- 短期:持有/买入 ... ## Safety
此工具仅用于技术分析和学习目的,不提供投资建议。

The same user-facing artifact shows buy/hold-style recommendations while also claiming the tool does not provide investment advice, creating inconsistent safety framing in a high-impact financial context.

User impactA user could over-trust automated buy/hold wording as safe educational analysis and make financial decisions based on it.
RecommendationMake the report wording and disclaimer consistent: remove buy/sell recommendations or clearly label them as non-advisory educational signals, and encourage users to consult qualified financial advice.
Agentic Supply Chain Vulnerabilities
SeverityLowConfidenceHighStatusNote
install.sh
运行: pip install yfinance pandas numpy matplotlib scikit-learn

The install guidance relies on unpinned third-party Python packages. These dependencies are expected for the stated stock-analysis purpose, but users should understand the supply-chain trust involved.

User impactInstalling unpinned packages may pull newer or unexpected dependency versions from package repositories.
RecommendationInstall in a controlled Python environment, review package sources, and consider pinning dependency versions.