Stock Analysis
Analyze stocks and cryptocurrencies using Yahoo Finance data. Supports portfolio management, watchlists with alerts, dividend analysis, 8-dimension stock scoring, viral trend detection (Hot Scanner), and rumor/early signal detection. Use for stock analysis, portfolio tracking, earnings reactions, crypto monitoring, trending stocks, or finding rumors before they hit mainstream.
App-Plan.md
text/markdown · 14708 字节
README.md
text/markdown · 6390 字节
SKILL.md
text/markdown · 8230 字节
TODO.md
text/markdown · 12848 字节
docs/ARCHITECTURE.md
text/markdown · 16594 字节
docs/CONCEPT.md
text/markdown · 9101 字节
docs/HOT_SCANNER.md
text/markdown · 5865 字节
docs/README.md
text/markdown · 2405 字节
docs/USAGE.md
text/markdown · 8898 字节
scripts/analyze_stock.py
text/plain · 89930 字节
scripts/dividends.py
text/plain · 13130 字节
scripts/hot_scanner.py
text/plain · 24620 字节
scripts/portfolio.py
text/plain · 18897 字节
scripts/rumor_scanner.py
text/plain · 11578 字节
scripts/test_stock_analysis.py
text/plain · 11958 字节
scripts/watchlist.py
text/plain · 11542 字节
Security Scan
状态
suspicious
OpenClaw
gpt-5-mini
OpenClaw 分析
The skill mostly matches a stock-analysis tool, but there are multiple incoherences and risky instructions (cookie extraction / granting Terminal Full Disk Access, undeclared env vars, and an unexplained 'uv' dependency) that the user should review before installing or running it.
置信度: high
VirusTotal
Type: OpenClaw Skill Name: stock-analysis Version: 6.2.0 The skill is classified as suspicious due to its reliance on an external, user-installed `bird` CLI tool for Twitter/X integration, as detailed in `SKILL.md`, `README.md`, `scripts/hot_scanner.py`, and `scripts/rumor_scanner.py`. This external dependency introduces a supply chain risk, as the security of the skill becomes dependent on the security of the `bird` binary. Furthermore, the skill instructs users to manually extract sensitive `AUTH_TOKEN` and `CT0` session cookies from their browser and store them in a `.env` file, which are then loaded by the Python scripts and passed to the `bird` CLI. While the skill's own code does not appear to intentionally exfiltrate these credentials, this practice exposes sensitive user session tokens to an external binary, significantly increasing the attack surface and potential for unauthorized access if the `bird` CLI or the user's environment is compromised.