Stock Analysis
Analyze stocks and cryptocurrencies using Yahoo Finance data. Supports portfolio management, watchlists with alerts, dividend analysis, 8-dimension stock scoring, viral trend detection (Hot Scanner), and rumor/early signal detection. Use for stock analysis, portfolio tracking, earnings reactions, crypto monitoring, trending stocks, or finding rumors before they hit mainstream.
App-Plan.md
text/markdown · 14708 bytes
README.md
text/markdown · 6390 bytes
SKILL.md
text/markdown · 8230 bytes
TODO.md
text/markdown · 12848 bytes
docs/ARCHITECTURE.md
text/markdown · 16594 bytes
docs/CONCEPT.md
text/markdown · 9101 bytes
docs/HOT_SCANNER.md
text/markdown · 5865 bytes
docs/README.md
text/markdown · 2405 bytes
docs/USAGE.md
text/markdown · 8898 bytes
scripts/analyze_stock.py
text/plain · 89930 bytes
scripts/dividends.py
text/plain · 13130 bytes
scripts/hot_scanner.py
text/plain · 24620 bytes
scripts/portfolio.py
text/plain · 18897 bytes
scripts/rumor_scanner.py
text/plain · 11578 bytes
scripts/test_stock_analysis.py
text/plain · 11958 bytes
scripts/watchlist.py
text/plain · 11542 bytes
Security Scan
Status
suspicious
OpenClaw
gpt-5-mini
OpenClaw analysis
The skill mostly matches a stock-analysis tool, but there are multiple incoherences and risky instructions (cookie extraction / granting Terminal Full Disk Access, undeclared env vars, and an unexplained 'uv' dependency) that the user should review before installing or running it.
Confidence: high
VirusTotal
Type: OpenClaw Skill Name: stock-analysis Version: 6.2.0 The skill is classified as suspicious due to its reliance on an external, user-installed `bird` CLI tool for Twitter/X integration, as detailed in `SKILL.md`, `README.md`, `scripts/hot_scanner.py`, and `scripts/rumor_scanner.py`. This external dependency introduces a supply chain risk, as the security of the skill becomes dependent on the security of the `bird` binary. Furthermore, the skill instructs users to manually extract sensitive `AUTH_TOKEN` and `CT0` session cookies from their browser and store them in a `.env` file, which are then loaded by the Python scripts and passed to the `bird` CLI. While the skill's own code does not appear to intentionally exfiltrate these credentials, this practice exposes sensitive user session tokens to an external binary, significantly increasing the attack surface and potential for unauthorized access if the `bird` CLI or the user's environment is compromised.