IDX Stock Profile Scraper

Pass

Audited by ClawScan on May 1, 2026.

Overview

The skill appears to do what it advertises: fetch public IDX company-profile pages for a supplied stock code, with no artifact evidence of credential use, local file access, persistence, or data mutation.

This looks safe for its stated purpose of retrieving public IDX company profiles. Before installing, remember that it will contact idx.co.id, depends on third-party Python packages, and its broad security claims should not be treated as a formal guarantee.

Findings (3)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

The requested stock code will be sent to the IDX website, but the artifacts do not show transmission of local files, credentials, or personal data.

Why it was flagged

The skill sends a user-provided stock code to an external website. The code validates the input and keeps the destination scoped to the official IDX domain, so this is expected for the stated scraper purpose.

Skill content

url = f"https://www.idx.co.id/id/perusahaan-tercatat/profil-perusahaan-tercatat/{stock_code}" ... response = requests.get(url, headers=headers, timeout=15)

Recommendation

Use it for public stock tickers and be aware that it performs live web requests to idx.co.id.

What this means

Installing dependencies may pull the latest compatible package versions from the configured package index.

Why it was flagged

The install guidance fetches third-party Python packages without a lockfile or exact pins. These dependencies are expected for the scraper, but package provenance and version drift remain normal supply-chain considerations.

Skill content

uv add requests beautifulsoup4

Recommendation

Install from a trusted package index and consider pinning or locking dependency versions in managed environments.

What this means

A user might over-rely on the security statement instead of considering that the skill still performs live network scraping and uses third-party dependencies.

Why it was flagged

The artifact makes broad security assurances. The provided code appears simple and purpose-aligned, but absolute security claims should not replace reviewing the actual permissions and behavior.

Skill content

This skill is designed to be fully secure and passes Clawhub's integrated VirusTotal security scan.

Recommendation

Treat the security statement as marketing/context, not a guarantee; rely on the reviewed artifacts and your own install policy.