ClawHub

drillr — Power Terminal for Deep Financial Research

v1.0.0

Power terminal for deep financial research on US public equities — reason through investment theses, screen for ideas, map supply chains, do forensic account...

3· 110·0 current·0 all-time
by@yx9966
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
Capability signals
Crypto
These labels describe what authority the skill may exercise. They are separate from suspicious or malicious moderation verdicts.
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name and description (financial research CLI) match the code and SKILL.md: the script sends the user's question as a JSON POST to a single hardcoded endpoint and streams an SSE response to stdout. Required binaries and declared dependencies (python3, stdlib only) align with the implementation.
Instruction Scope
The instructions explicitly limit the skill to one POST to a hardcoded endpoint and streaming the response to stdout. This is implemented in query.py. Important caveat: user queries are transmitted to a third-party endpoint (diggr-agent-prod-...run.app). The SKILL.md asserts 'no telemetry,' but the skill cannot prevent that remote service from logging or collecting queries — so treat query content as being sent off-host.
Install Mechanism
No install spec; the skill is instruction-only with a small Python CLI file included. No downloads, package installs, or extract operations are present.
Credentials
The skill requests no environment variables or credentials and the code does not read env vars or local config paths. The lack of required secrets is proportional to the described functionality.
Persistence & Privilege
always is false and the skill is not requesting persistent presence or modifying other skills/configs. The script is stateless (no local persistence) and only runs when invoked.
Assessment
This skill is coherent and does what it claims: it sends your question to a single hardcoded external API and prints back markdown. Before installing, consider privacy and compliance: any sensitive or proprietary text you enter will be transmitted to that remote endpoint (hosted on Google Cloud Run at diggr-agent-prod-...run.app) and may be logged by the operator even though the SKILL.md states 'no telemetry.' Verify the endpoint/owner (drillr.ai vs the run.app domain), read the service's privacy terms, and avoid entering secrets, credentials, or nonpublic data. If that exposure is acceptable, the skill appears internally consistent.

Like a lobster shell, security has layers — review code before you run it.

earningsvk978r0k60z64c0bv77t8g3gy1n84ky1gequitiesvk978r0k60z64c0bv77t8g3gy1n84ky1gfinancevk978r0k60z64c0bv77t8g3gy1n84ky1glatestvk978r0k60z64c0bv77t8g3gy1n84ky1gresearchvk978r0k60z64c0bv77t8g3gy1n84ky1gscreeningvk978r0k60z64c0bv77t8g3gy1n84ky1gsec-filingsvk978r0k60z64c0bv77t8g3gy1n84ky1gvaluationvk978r0k60z64c0bv77t8g3gy1n84ky1g

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

📈 Clawdis
Binspython3

Comments