openclaw-tradingview-quant Security Report — Low Risk | ClawSafe

15 /100

openclaw-tradingview-quant

Professional quantitative investment analysis frameworks and methodologies based on TradingView data structures for stock analysis, technical indicators, market screening, and risk management

This is a pure documentation/methodology skill with no executable code, scripts, or dependencies. The only concern is a misleading documentation claim and a placeholder API key string in SECURITY.md, but no actual malicious behavior is present.

Skill Nameopenclaw-tradingview-quant

Duration34.5s

Enginepi

✓

Safe to install

Update README.md to accurately reflect that API keys ARE needed for real-time data access. Remove or clarify the 'your-actual-key-here' placeholder in SECURITY.md to prevent user confusion.

Findings 2 items

Severity	Finding	Location
Low	Misleading 'No API keys needed' claim Doc Mismatch README.md states 'No API keys needed, no external dependencies' but SECURITY.md instructs users to set API_KEY environment variable for RapidAPI access. This doc-to-code mismatch could confuse users about actual requirements. `🔒 Safe and Secure - No API keys needed, no external dependencies` → Update README.md to accurately state that API keys are optional but recommended for real-time data access, or remove this claim entirely	`README.md:14`
Low	Placeholder credential string in SECURITY.md Sensitive Access SECURITY.md line 89 contains 'API_KEY="your-actual-key-here"' which could be mistaken for an actual credential or tempt users to try this exact string. The 'your-actual-key-here' makes it clearly a placeholder. `export RAPIDAPI_KEY="your-actual-key-here"` → Consider using a clearly fake format like 'YOUR_RAPIDAPI_KEY_HERE' or '<YOUR_KEY>' instead	`SECURITY.md:89`

Resource	Declared	Inferred	Status	Evidence
Filesystem	`NONE`	`NONE`	—	No file operations found - pure documentation skill
Network	`READ`	`READ`	✓ Aligned	SKILL.md references RapidAPI endpoints for data structure reference only
Shell	`NONE`	`NONE`	—	No scripts/ directory, no executable code, no subprocess calls
Environment	`NONE`	`NONE`	—	No environment variable access in any file
Skill Invoke	`NONE`	`NONE`	—	No skill invocation capabilities
Clipboard	`NONE`	`NONE`	—	No clipboard operations
Browser	`NONE`	`NONE`	—	No browser automation
Database	`NONE`	`NONE`	—	No database operations

1 High 35 findings

🔑

High API Key 疑似硬编码凭证

API_KEY="your-actual-key-here"

SECURITY.md:89

🔗

Medium External URL 外部 URL

https://img.shields.io/badge/install-skills-blue

README.md:3

🔗

Medium External URL 外部 URL

https://skills.sh/ljsd666/openclaw-tradingview-quant/openclaw-tradingview-quant

README.md:3

🔗

Medium External URL 外部 URL

https://img.shields.io/github/stars/ljsd666/openclaw-tradingview-quant?style=social

README.md:4

🔗

Medium External URL 外部 URL

https://rapidapi.com/hypier/api/tradingview-data1

README.md:111

🔗

Medium External URL 外部 URL

https://rapidapi.com

SECURITY.md:57

🔗

Medium External URL 外部 URL

https://rapidapi.com/terms/

SECURITY.md:60

🔗

Medium External URL 外部 URL

https://rapidapi.com/privacy/

SECURITY.md:61

🔗

Medium External URL 外部 URL

https://tradingview-data1.p.rapidapi.com/api/price/BINANCE:BTCUSDT?timeframe=1&range=10

references/api-examples/01-price-data.txt:2

🔗

Medium External URL 外部 URL

https://www.binance.com/en

references/api-examples/01-price-data.txt:107

🔗

Medium External URL 外部 URL

https://tradingview-data1.p.rapidapi.com/api/price/batch

references/api-examples/01-price-data.txt:177

🔗

Medium External URL 外部 URL

https://markets.cboe.com/us/equities/overview/

references/api-examples/01-price-data.txt:784

🔗

Medium External URL 外部 URL

https://tradingview-data1.p.rapidapi.com/api/quote/batch

references/api-examples/02-quote-data.txt:2

🔗

Medium External URL 外部 URL

http://www.apple.com

references/api-examples/02-quote-data.txt:124

🔗

Medium External URL 外部 URL

https://tradingview-data1.p.rapidapi.com/api/quote/BINANCE:BTCUSDT?session=regular&fields=all

references/api-examples/02-quote-data.txt:180

🔗

Medium External URL 外部 URL

https://tradingview-data1.p.rapidapi.com/api/search/market/AAPL?filter=stock

references/api-examples/03-market-search.txt:2

🔗

Medium External URL 外部 URL

https://tradingview-data1.p.rapidapi.com/api/ta/NASDAQ:TSLA/indicators

references/api-examples/04-technical-analysis.txt:2

🔗

Medium External URL 外部 URL

https://tradingview-data1.p.rapidapi.com/api/ta/NASDAQ:AAPL

references/api-examples/04-technical-analysis.txt:96

🔗

Medium External URL 外部 URL

https://tradingview-data1.p.rapidapi.com/api/leaderboard/corporate-bonds?columnset=overview&tab=highest-yield&start=0&la...

references/api-examples/05-leaderboards.txt:2

🔗

Medium External URL 外部 URL

https://tradingview-data1.p.rapidapi.com/api/news/economic?lang=en

references/api-examples/06-news.txt:2

🔗

Medium External URL 外部 URL

https://tradingeconomics.com/sweden/monthly-gdp-mom

references/api-examples/06-news.txt:109

🔗

Medium External URL 外部 URL

https://tradingeconomics.com/germany/exports

references/api-examples/06-news.txt:184

🔗

Medium External URL 外部 URL

https://tradingeconomics.com/lithuania/balance-of-trade

references/api-examples/06-news.txt:204

🔗

Medium External URL 外部 URL

https://tradingeconomics.com/sweden/new-orders

references/api-examples/06-news.txt:224

🔗

Medium External URL 外部 URL

https://tradingeconomics.com/commodity/eu-natural-gas

references/api-examples/06-news.txt:257

🔗

Medium External URL 外部 URL

https://tradingeconomics.com/germany/balance-of-trade

references/api-examples/06-news.txt:277

🔗

Medium External URL 外部 URL

https://tradingview-data1.p.rapidapi.com/api/metadata/exchanges

references/api-examples/07-metadata.txt:2

🔗

Medium External URL 外部 URL

https://tradingview-data1.p.rapidapi.com/api/calendar/economic?from=1769356800&to=1769961599&market=america

references/api-examples/08-calendar.txt:2

🔗

Medium External URL 外部 URL

https://www.chicagofed.org/

references/api-examples/08-calendar.txt:22

🔗

Medium External URL 外部 URL

https://www.census.gov/

references/api-examples/08-calendar.txt:65

🔗

Medium External URL 外部 URL

https://www.census.gov

references/api-examples/08-calendar.txt:88

🔗

Medium External URL 外部 URL

https://www.dallasfed.org

references/api-examples/08-calendar.txt:177

🔗

Medium External URL 外部 URL

http://www.treasurydirect.gov

references/api-examples/08-calendar.txt:197

🔗

Medium External URL 外部 URL

https://tradingview-data1.p.rapidapi.com/logo?url=apple&big=false

references/api-examples/09-logo.txt:2

🔗

Medium External URL 外部 URL

https://tradingview-data1.p.rapidapi.com/api/...

references/api-examples/README.md:32

File Tree

35 files · 214.1 KB · 7291 lines

Markdown 26f · 5063L Text 9f · 2228L

├─ ▾ 📁 references

│ ├─ ▾ 📁 api-examples

│ │ ├─ 📄 01-price-data.txt Text 890L · 25.8 KB

│ │ ├─ 📄 02-quote-data.txt Text 235L · 8.0 KB

│ │ ├─ 📄 03-market-search.txt Text 100L · 2.8 KB

│ │ ├─ 📄 04-technical-analysis.txt Text 147L · 4.1 KB

│ │ ├─ 📄 05-leaderboards.txt Text 200L · 5.8 KB

│ │ ├─ 📄 06-news.txt Text 300L · 9.6 KB

│ │ ├─ 📄 07-metadata.txt Text 150L · 3.6 KB

│ │ ├─ 📄 08-calendar.txt Text 200L · 7.9 KB

│ │ ├─ 📄 09-logo.txt Text 6L · 210 B

│ │ └─ 📝 README.md Markdown 45L · 1.4 KB

│ ├─ 📝 api-documentation.md Markdown 606L · 22.7 KB

│ ├─ 📝 api-tools-guide.md Markdown 191L · 7.2 KB

│ ├─ 📝 china-a-stock-examples.md Markdown 98L · 2.0 KB

│ ├─ 📝 pattern-library.md Markdown 632L · 13.5 KB

│ ├─ 📝 risk-management.md Markdown 703L · 14.7 KB

│ ├─ 📝 technical-analysis.md Markdown 348L · 9.6 KB

│ └─ 📝 us-stock-examples.md Markdown 341L · 6.9 KB

├─ ▾ 📁 workflows

│ ├─ 📝 calendar-tracking.md Markdown 96L · 2.9 KB

│ ├─ 📝 deep-stock-analysis.md Markdown 132L · 3.5 KB

│ ├─ 📝 event-analysis.md Markdown 132L · 4.4 KB

│ ├─ 📝 exchange-overview.md Markdown 98L · 2.9 KB

│ ├─ 📝 fundamental-screening.md Markdown 122L · 3.3 KB

│ ├─ 📝 market-review.md Markdown 137L · 3.3 KB

│ ├─ 📝 multi-symbol-analysis.md Markdown 89L · 2.7 KB

│ ├─ 📝 multi-timeframe-analysis.md Markdown 108L · 3.6 KB

│ ├─ 📝 news-briefing.md Markdown 91L · 2.4 KB

│ ├─ 📝 pattern-recognition.md Markdown 117L · 3.7 KB

│ ├─ 📝 realtime-monitor.md Markdown 88L · 2.4 KB

│ ├─ 📝 risk-assessment.md Markdown 129L · 4.1 KB

│ ├─ 📝 sector-rotation.md Markdown 122L · 3.5 KB

│ ├─ 📝 smart-screening.md Markdown 115L · 3.3 KB

│ └─ 📝 symbol-search.md Markdown 72L · 1.9 KB

├─ 📝 README.md Markdown 221L · 9.2 KB

├─ 📝 SECURITY.md Markdown 121L · 4.2 KB

└─ 📝 SKILL.md Markdown 109L · 6.9 KB

Security Positives

✓ No executable code or scripts present - purely documentation-based skill

✓ No credential harvesting or exfiltration mechanisms

✓ No obfuscated code or base64 payloads

✓ No supply chain risks (no dependencies to attack)

✓ Good prompt injection awareness in SKILL.md (news content sanitization section)

✓ Comprehensive security policy documentation for API key handling

✓ Legitimate external URLs point to known services (RapidAPI, TradingView)

✓ No hidden functionality - all behavior is documentation and analysis methodology

Scan Report

Findings 2 items

File Tree

Security Positives