finance-news

Pass

Audited by Gen Agent Trust Hub on Feb 27, 2026

Risk Level: SAFE
Full Analysis
  • [COMMAND_EXECUTION]: The skill uses subprocess.run to call external CLI tools such as openclaw, gemini-cli, and openbb-quote. These operations are well-scoped to financial data retrieval and notification delivery, and untrusted inputs are passed by direct execution without a shell.
  • [EXTERNAL_DOWNLOADS]: The skill connects to established financial news RSS feeds (Yahoo Finance, CNBC, Reuters, Bloomberg) and reputable APIs (Finnhub, FMP). These connections are essential for the skill's core functionality.
  • [PROMPT_INJECTION]: To mitigate risks from external data, the skill employs a hardened system prompt that instructs the LLM to ignore any commands embedded within the news headlines it processes.
  • [DATA_EXPOSURE]: Sensitive data such as API keys and cookies are managed through environment variables or locally stored configuration files. Documentation provides clear instructions on securing these files (e.g., using chmod 600) and avoiding version control leaks.
Audit Metadata
Risk Level: SAFE
Analyzed: Feb 27, 2026, 01:17 PM