openclaw-stock-skill
Pass
Audited by Gen Agent Trust Hub on May 20, 2026
Risk Level: SAFE
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill interacts with the service provider's endpoints at
data.diemeng.chatandmg.diemeng.chatto fetch stock, ETF, and bond data. This communication is essential for the skill's primary function and is clearly documented. - [CREDENTIALS_UNSAFE]: The implementation correctly handles authentication by prompting the user to provide an API key via the
STOCK_API_KEYenvironment variable or a localconfig.jsonfile. No hardcoded secrets were found in the scripts. - [REMOTE_CODE_EXECUTION]: There are no detected patterns of remote code execution. The skill does not perform any unverified script downloads or use unsafe execution functions like
evalorexecwith external input. - [COMMAND_EXECUTION]: The skill scripts are focused on data retrieval and processing using the
requestslibrary. No arbitrary or suspicious shell command executions were identified.
Audit Metadata