OpenClaw Equity Research
PassAudited by ClawScan on May 6, 2026.
Overview
This skill is a coherent equity-research helper that uses public market data and local report files, with a few purpose-aligned setup and data-access notes users should understand.
This appears safe to use as a research-assistance skill, not a trading tool. Expect it to browse or call market-data APIs unless you opt out, use only read-only credentials for any paid or broker data sources, and verify financial data before relying on the memo.
Findings (3)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
When invoked, the agent may contact external data sources to gather stock prices, news, filings, or related research inputs.
The skill may cause the agent to use browsing or market-data APIs during research. This is expected for current equity analysis, but users should know external lookups may occur.
Prefer fresh data. For current prices, news, estimates, filings, and analyst changes, browse or use data APIs unless the user explicitly forbids it.
If you do not want browsing or API use, explicitly tell the agent not to browse or use external data; otherwise, review citations and timestamps in the memo.
If you connect broker, exchange, OpenBB, or paid-data credentials, the agent may use them to retrieve research data.
The skill contemplates using user-provided or configured market-data accounts. This is purpose-aligned, but broker or paid-data credentials can be sensitive if over-scoped.
Exchange or broker data if the user provides access. ... Paid sources only if the user has configured access.
Use read-only, least-privilege credentials where possible and avoid giving trading-capable or account-management access unless strictly necessary.
Live mode may fail unless yfinance is already installed, or the user may need to install an undeclared dependency.
The script depends on yfinance for live market-data pulls, while the registry/install section lists no install spec or required binaries. This is a setup transparency issue rather than evidence of malicious behavior.
import yfinance as yf # type: ignore ... raise SystemExit(f"yfinance is required for live mode: {exc}")Install dependencies only from trusted sources, consider pinning package versions, and treat the included script as a lightweight helper rather than a fully packaged application.