Institutional Flow Tracker
PassAudited by VirusTotal on May 12, 2026.
Overview
Type: OpenClaw Skill Name: institutional-flow-tracker Version: 0.1.0 The OpenClaw skill bundle is designed for institutional flow tracking using the Financial Modeling Prep (FMP) API. All Python scripts (`analyze_single_stock.py`, `track_institutional_flow.py`, `track_institution_portfolio.py`) make legitimate API calls to `financialmodelingprep.com` to fetch financial data. API keys are handled securely via environment variables or command-line arguments. Output is consistently written to local markdown or JSON files, with no evidence of data exfiltration to unauthorized external endpoints. The `SKILL.md` and `README.md` provide clear, relevant instructions for the AI agent and do not contain any prompt injection attempts to mislead the agent into performing actions beyond the stated purpose. The `track_institution_portfolio.py` script is a transparent placeholder, directing users to legitimate external resources like `whalewisdom.com` and `sec.gov` for comprehensive tracking, rather than attempting to implement it with limited API capabilities. No malicious execution, persistence, or obfuscation techniques were found.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Running the scripts may consume the user's FMP API quota and exposes the FMP key to the script and FMP service.
The skill requires a third-party Financial Modeling Prep API key. This is expected for the stated 13F data-analysis purpose, but users should recognize that a credential is involved.
Required: FMP API Key ... export FMP_API_KEY=your_key_here ... python3 scripts/track_institutional_flow.py --api-key YOUR_KEY
Use a dedicated FMP API key, prefer the environment variable over command-line arguments, and avoid pasting the key into shared chats, logs, or shell history.
Installing Python packages from the public package index can affect the local Python environment.
The skill relies on a user-installed Python dependency that is not pinned in an install spec. This is a common, purpose-aligned setup step, but it is still a supply-chain detail users should notice.
No installation required beyond Python 3 and the `requests` library: pip install requests
Install dependencies in a virtual environment and use trusted package sources; consider pinning a known-good requests version for repeatable use.
Users may over-trust the generated buy/sell labels or historical success-rate framing when making investment decisions.
The reference material includes strong investment-action language and performance-style claims. This is aligned with the skill's investment-analysis purpose, but it can influence high-stakes financial decisions.
Action: BUY with conviction (2-5% portfolio position) ... Historical Success Rate: ~75-80% positive returns over 12 months
Use the output as one research signal, verify the underlying filings and assumptions, and do not treat the skill as personalized financial advice.