Stock Analysis
Analyze stocks and cryptocurrencies using Yahoo Finance data. Supports portfolio management, watchlists with alerts, dividend analysis, 8-dimension stock scoring, viral trend detection (Hot Scanner), and rumor/early signal detection. Use for stock analysis, portfolio tracking, earnings reactions, crypto monitoring, trending stocks, or finding rumors before they hit mainstream.
v6.2.0
2026/02/02
🔮 Rumor Scanner: M&A rumors, insider activity, Twitter whispers, impact scoring
v6.1.0
2026/02/02
暂无更新说明。
v5.0.0
2026/01/16
暂无更新说明。
v4.0.0
2026/01/15
暂无更新说明。
v3.0.0
2026/01/15
暂无更新说明。
v2.0.0
2026/01/14
暂无更新说明。
v1.0.1
2026/01/14
暂无更新说明。
v1.0.0
2026/01/14
暂无更新说明。
Security Scan
状态
suspicious
OpenClaw
gpt-5.5
OpenClaw 分析
The skill is a coherent stock-analysis tool, but its optional social scanning asks users to expose live X/Twitter session credentials to an external CLI with overly broad local permissions.
置信度: high
VirusTotal
Type: OpenClaw Skill Name: stock-analysis Version: 6.2.0 The skill is classified as suspicious due to its reliance on an external, user-installed `bird` CLI tool for Twitter/X integration, as detailed in `SKILL.md`, `README.md`, `scripts/hot_scanner.py`, and `scripts/rumor_scanner.py`. This external dependency introduces a supply chain risk, as the security of the skill becomes dependent on the security of the `bird` binary. Furthermore, the skill instructs users to manually extract sensitive `AUTH_TOKEN` and `CT0` session cookies from their browser and store them in a `.env` file, which are then loaded by the Python scripts and passed to the `bird` CLI. While the skill's own code does not appear to intentionally exfiltrate these credentials, this practice exposes sensitive user session tokens to an external binary, significantly increasing the attack surface and potential for unauthorized access if the `bird` CLI or the user's environment is compromised.