stock-analysis

Pass

Audited by Gen Agent Trust Hub on Mar 16, 2026

Risk Level: SAFE
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill fetches financial data, news headlines, and market indicators from established and well-known services including Yahoo Finance, Google News, CoinGecko, and CNN Fear & Greed. These are legitimate data sources for the skill's intended purpose.
  • [COMMAND_EXECUTION]: The skill uses the subprocess module to execute internal scripts (e.g., analyze_stock.py via uv run) and the external bird CLI tool for Twitter/X sentiment analysis. These executions are scoped to the skill's core functionality and rely on user-installed tools.
  • [DATA_EXPOSURE]: Local storage for portfolios and watchlists is managed within the ~/.clawdbot/skills/stock-analysis/ directory. No sensitive user data or system files are accessed or transmitted to untrusted external domains.
  • [INDIRECT_PROMPT_INJECTION]: The skill processes untrusted external data in the form of news headlines and social media posts from Google News, Reddit, and Twitter.
    • Ingestion points: scripts/hot_scanner.py and scripts/rumor_scanner.py ingest titles and text from RSS feeds and social media APIs.
    • Boundary markers: Absent; external content is interpolated directly into scoring logic and display summaries.
    • Capability inventory: Subprocess execution is available in scripts/hot_scanner.py, scripts/rumor_scanner.py, and scripts/watchlist.py.
    • Sanitization: The skill uses regex-based ticker extraction and keyword matching, which provides a layer of validation, though no comprehensive LLM-specific sanitization is implemented for displayed text.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 16, 2026, 08:22 AM