Stock Analysis
Analyze stocks and cryptocurrencies using Yahoo Finance data. Supports portfolio management, watchlists with alerts, dividend analysis, 8-dimension stock scoring, viral trend detection (Hot Scanner), and rumor/early signal detection. Use for stock analysis, portfolio tracking, earnings reactions, crypto monitoring, trending stocks, or finding rumors before they hit mainstream.
App-Plan.md
text/markdown · 14708 bytes
README.md
text/markdown · 6390 bytes
SKILL.md
text/markdown · 8230 bytes
TODO.md
text/markdown · 12848 bytes
docs/ARCHITECTURE.md
text/markdown · 16594 bytes
docs/CONCEPT.md
text/markdown · 9101 bytes
docs/HOT_SCANNER.md
text/markdown · 5865 bytes
docs/README.md
text/markdown · 2405 bytes
docs/USAGE.md
text/markdown · 8898 bytes
scripts/analyze_stock.py
text/plain · 89930 bytes
scripts/dividends.py
text/plain · 13130 bytes
scripts/hot_scanner.py
text/plain · 24620 bytes
scripts/portfolio.py
text/plain · 18897 bytes
scripts/rumor_scanner.py
text/plain · 11578 bytes
scripts/test_stock_analysis.py
text/plain · 11958 bytes
scripts/watchlist.py
text/plain · 11542 bytes
skill-card.md
text/markdown · 2643 bytes
Security Scan
Status
suspicious
OpenClaw
gpt-5.5
OpenClaw analysis
The skill is a coherent stock-analysis tool, but its optional social scanning asks users to expose live X/Twitter session credentials to an external CLI with overly broad local permissions.
Confidence: high
VirusTotal
Type: OpenClaw Skill Name: stock-analysis Version: 6.2.0 The skill is classified as suspicious due to its reliance on an external, user-installed `bird` CLI tool for Twitter/X integration, as detailed in `SKILL.md`, `README.md`, `scripts/hot_scanner.py`, and `scripts/rumor_scanner.py`. This external dependency introduces a supply chain risk, as the security of the skill becomes dependent on the security of the `bird` binary. Furthermore, the skill instructs users to manually extract sensitive `AUTH_TOKEN` and `CT0` session cookies from their browser and store them in a `.env` file, which are then loaded by the Python scripts and passed to the `bird` CLI. While the skill's own code does not appear to intentionally exfiltrate these credentials, this practice exposes sensitive user session tokens to an external binary, significantly increasing the attack surface and potential for unauthorized access if the `bird` CLI or the user's environment is compromised.