OpenClaw Equity Research

Pass

Audited by VirusTotal on May 6, 2026.

Overview

Type: OpenClaw Skill

Name: openclaw-equity-research

Version: 0.1.1

The skill bundle is a legitimate tool for generating equity research memos. The Python script `scripts/equity_research.py` uses the standard `yfinance` library to fetch market data and news, and it contains no evidence of malicious execution, data exfiltration, or obfuscation. The instructions in `SKILL.md` and the supporting documentation in the `references/` directory are well-structured, providing clear guidelines for the AI agent to produce factual, evidence-based reports while explicitly avoiding the provision of financial advice.

Findings (0)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

When invoked, the agent may contact external data sources to gather stock prices, news, filings, or related research inputs.

Why it was flagged

The skill may cause the agent to use browsing or market-data APIs during research. This is expected for current equity analysis, but users should know external lookups may occur.

Skill content

Prefer fresh data. For current prices, news, estimates, filings, and analyst changes, browse or use data APIs unless the user explicitly forbids it.

Recommendation

If you do not want browsing or API use, explicitly tell the agent not to browse or use external data; otherwise, review citations and timestamps in the memo.

What this means

If you connect broker, exchange, OpenBB, or paid-data credentials, the agent may use them to retrieve research data.

Why it was flagged

The skill contemplates using user-provided or configured market-data accounts. This is purpose-aligned, but broker or paid-data credentials can be sensitive if over-scoped.

Skill content

Exchange or broker data if the user provides access. ... Paid sources only if the user has configured access.

Recommendation

Use read-only, least-privilege credentials where possible and avoid giving trading-capable or account-management access unless strictly necessary.

What this means

Live mode may fail unless yfinance is already installed, or the user may need to install an undeclared dependency.

Why it was flagged

The script depends on yfinance for live market-data pulls, while the registry/install section lists no install spec or required binaries. This is a setup transparency issue rather than evidence of malicious behavior.

Skill content

`import yfinance as yf  # type: ignore` ... `raise SystemExit(f"yfinance is required for live mode: {exc}")`

Recommendation

Install dependencies only from trusted sources, consider pinning package versions, and treat the included script as a lightweight helper rather than a fully packaged application.