openclaw-stock-skill

Pass

Audited by Gen Agent Trust Hub on May 20, 2026

Risk Level: SAFE
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill interacts with the service provider's endpoints at data.diemeng.chat and mg.diemeng.chat to fetch stock, ETF, and bond data. This communication is essential for the skill's primary function and is clearly documented.
  • [CREDENTIALS_UNSAFE]: The implementation correctly handles authentication by prompting the user to provide an API key via the STOCK_API_KEY environment variable or a local config.json file. No hardcoded secrets were found in the scripts.
  • [REMOTE_CODE_EXECUTION]: There are no detected patterns of remote code execution. The skill does not perform any unverified script downloads or use unsafe execution functions like eval or exec with external input.
  • [COMMAND_EXECUTION]: The skill scripts are focused on data retrieval and processing using the requests library. No arbitrary or suspicious shell command executions were identified.
Audit Metadata
Risk Level
SAFE
Analyzed
May 20, 2026, 03:18 PM
Security Audit — agent-trust-hub — openclaw-stock-skill