Stock Tools
AdvisoryAudited by Static analysis on May 2, 2026.
Overview
No suspicious patterns detected.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Ticker symbols queried by the user are sent to external finance APIs and through any local proxy listening on port 7891; Binance access may be unexpected if the user only expects Yahoo Finance.
The script routes requests through a hardcoded local proxy and may contact Binance for crypto symbols, while the skill description primarily advertises Yahoo Finance stock quote lookup.
PROXY = {
'http': 'http://127.0.0.1:7891',
'https': 'http://127.0.0.1:7891'
}
...
url = f'https://api.binance.com/api/v3/ticker/price?symbol={symbol}'Document all external endpoints and the proxy requirement, make the proxy configurable or optional, and validate or encode user-supplied symbols before building request URLs.
The script may fail if requests is not installed, or it will use whichever requests package is present in the user's Python environment.
The script relies on the third-party requests package, but the provided requirements and install spec do not declare dependencies. There is no automatic install behavior shown, so this is a documentation and environment-sourcing note.
import requests
Declare the Python dependency and, if installation is later added, pin packages to trusted sources and versions.