← Back to Skills Marketplace
nidhov01

Stock Analysis

by nidhov01 · GitHub ↗ · v1.0.0 · MIT-0
cross-platform ⚠ suspicious
255
Downloads
0
Stars
0
Active Installs
1
Versions
Install in OpenClaw
/install nidhov01-stock-analysis
Description
Analyze stocks and cryptocurrencies using Yahoo Finance data. Supports portfolio management, watchlists with alerts, dividend analysis, 8-dimension stock sco...
Usage Guidance
This skill largely implements what it claims (stock/crypto analysis, hot scanner, watchlists), but there are red flags you should consider before installing: - Do not grant Full Disk Access or copy browser cookies just to enable Twitter features. Instead, prefer creating API credentials via official developer access if you need social data; copying cookies is risky and can expose other accounts. - Inspect the 'uv' brew formula before installing. Confirm it is the tool you expect (or run the Python scripts directly with python3 in a controlled environment). - The repository references optional notification integrations (Feishu, Telegram, etc.) but does not declare required env vars — check each script for where it expects tokens and where it would send data (webhook URLs). Avoid putting secrets in plaintext .env files in your home directory. - Run the code in an isolated environment (VM or container) and audit outgoing network calls before giving it persistent access or cron jobs. Monitor what endpoints the scripts contact and ensure they are legitimate (Yahoo, CoinGecko, Google News, SEC, approved APIs). - If you only need basic analysis, run scripts without optional integrations (use --no-social / --fast flags) to avoid the parts that require extra credentials. If you want, I can: (1) show the specific files that attempt to read environment variables or cookies, (2) help inspect the brew formula for 'uv', or (3) produce a short checklist to harden running this skill (containerization, least-privilege, secrets handling).
Capability Analysis
Type: OpenClaw Skill Name: nidhov01-stock-analysis Version: 1.0.0 The skill bundle contains hardcoded Feishu (Lark) recipient IDs (e.g., 'ou_f1a29f8d231d21d113acbea658fc45fe') in scripts/daily_review_auto.py and scripts/send_feishu_review.py, which would direct the user's private portfolio data and market reports to a specific external account. While likely a developer oversight from a personal automation setup, this poses a significant data exfiltration risk. Furthermore, the skill requires users to store sensitive Twitter session tokens (AUTH_TOKEN, CT0) in a .env file and uses subprocess.run to execute the 'bird' CLI in scripts/hot_scanner.py and scripts/rumor_scanner.py, which are high-risk behaviors for a generic skill bundle.
Capability Assessment
Purpose & Capability
The repository contains a large Python-based analysis tool (many scripts) that matches the stated purpose (Yahoo Finance-based analysis, hot scanner, watchlists, portfolio). However the declared runtime requirement is only a single binary 'uv' (installed via a brew formula), while most scripts are Python and are also run with python3 in the docs. Requiring 'uv' for a Python CLI wrapper is unusual but plausible if 'uv' is a runner; it's worth verifying the brew formula before installing.
Instruction Scope
SKILL.md and docs instruct users to obtain Twitter/X auth by extracting browser cookies (AUTH_TOKEN and CT0) and explicitly recommend granting Terminal 'Full Disk Access' on macOS to read browser state. Those steps request access to highly sensitive data (browser cookies) and broaden the skill's runtime privileges beyond what is needed for stock analysis. The docs also suggest cron jobs and writing logs (including /var/log/hot_scanner.log), and reference storing portfolios/watchlists under the user's home directory — this scope of file access and instructions to harvest cookies are concerning.
Install Mechanism
The only formal install spec is a brew formula for 'uv'. No remote downloads, archives, or obscure URLs are present in the install spec, which is lower risk than arbitrary URL installs. That said, 'uv' is not a commonly-known Python runtime and you should inspect the brew formula to confirm what it installs and whether it runs arbitrary code or downloads further artifacts.
Credentials
The registry metadata declares no required environment variables, but the documentation and scripts clearly reference multiple optional secrets (Twitter/X tokens AUTH_TOKEN & CT0 for bird CLI, possible webhook tokens for Feishu/Telegram/other notifications). Those optional credentials are not declared in requires.env. Instructions that encourage extracting browser cookies to populate these env vars are disproportionate and risky. Also the project references an SEC identity email and suggests EDGAR calls; these are less sensitive but indicate external-data queries that may require contact info or rate-limit handling.
Persistence & Privilege
The skill is not marked always:true and does not request elevated platform privileges. It does persist user data into ~/.clawdbot/skills/stock-analysis (portfolios.json, watchlist.json) and suggests cron automation and log files (including /var/log paths). Storing tokens in .env or adding cron jobs increases persistence and blast radius if credentials are present. Autonomous invocation (model invocation enabled) is the platform default; combined with the other concerns (cookie extraction, undeclared secrets) that raises the potential impact.
How to Use
  1. Make sure OpenClaw is installed (local or Docker)
  2. Run the install command in chat: /install nidhov01-stock-analysis
  3. After installation, invoke the skill by name or use /nidhov01-stock-analysis
  4. Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.0
Fork - 2026.3.16
Metadata
Slug nidhov01-stock-analysis
Version 1.0.0
License MIT-0
All-time Installs 0
Active Installs 0
Total Versions 1
Frequently Asked Questions

What is Stock Analysis?

Analyze stocks and cryptocurrencies using Yahoo Finance data. Supports portfolio management, watchlists with alerts, dividend analysis, 8-dimension stock sco... It is an AI Agent Skill for Claude Code / OpenClaw, with 255 downloads so far.

How do I install Stock Analysis?

Run "/install nidhov01-stock-analysis" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is Stock Analysis free?

Yes, Stock Analysis is completely free, licensed under MIT-0. You can download, install and use it at no cost.

Which platforms does Stock Analysis support?

Stock Analysis is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).

Who created Stock Analysis?

It is built and maintained by nidhov01 (@nidhov01); the current version is v1.0.0.

More Skills
self-improving agent
Captures learnings, errors, and corrections to enable continuous improvement. Use when: (1) A command or operation fails unexpectedly, (2) User corrects Clau...
⬇ 463942 · by pskoett
Skill Vetter
Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope, and suspicious patterns.
⬇ 259883 · by spclaudehome
Polymarket
Query Polymarket prediction markets. Check odds, find trending markets, search events, track price movements.
⬇ 232503 · by joelchance
Self-Improving + Proactive Agent
Self-reflection + Self-criticism + Self-learning + Self-organizing memory. Agent evaluates its own work, catches mistakes, and improves permanently. Use when...
⬇ 200739 · by ivangdavila
Github
Interact with GitHub using the `gh` CLI. Use `gh issue`, `gh pr`, `gh run`, and `gh api` for issues, PRs, CI runs, and advanced queries.
⬇ 191401 · by steipete
ontology
Typed knowledge graph for structured agent memory and composable skills. Use when creating/querying entities (Person, Project, Task, Event, Document), linkin...
⬇ 190375 · by oswalpalash

💬 Comments