tradingview-screener Security Report — Trusted | ClawSafe

5 /100

tradingview-screener

Screen markets across 6 asset classes using TradingView data

A clean, legitimate market data screening tool with no security concerns. All capabilities match documentation, expression sandboxing is properly implemented, and no sensitive operations are performed.

Skill Nametradingview-screener

Duration39.4s

Enginepi

✓

Safe to install

This skill is safe to use. No action required.

Findings 1 items

Severity	Finding	Location
Low	Expression validation uses keyword blocklist Sensitive Access signal_types.py blocks dangerous keywords like 'import', 'exec', 'eval', 'open', 'os', 'sys', 'lambda' in user expressions. While df.eval() provides inherent DataFrame sandboxing, the blocklist approach could miss some edge cases. `EXPR_BLOCKED_KEYWORDS = {'import', 'exec', 'eval', '__', 'open', 'os', 'sys', 'lambda'}` → Consider using AST parsing instead of regex for more robust validation	`scripts/signal_types.py:22`

Resource	Declared	Inferred	Status	Evidence
Filesystem	`NONE`	`READ`	✓ Aligned	Reads YAML config files only
Network	`NONE`	`READ`	✓ Aligned	tvscreener library makes public API calls
Shell	`NONE`	`NONE`	—	No shell execution found
Environment	`NONE`	`NONE`	—	No environment variable access

File Tree

19 files · 59.6 KB · 2145 lines

Markdown 5f · 1032L Python 7f · 881L YAML 4f · 166L Shell 1f · 51L JSON 1f · 11L Text 1f · 4L

├─ ▾ 📁 assets

│ └─ 📋 signal-template.yaml YAML 58L · 1.6 KB

├─ ▾ 📁 references

│ ├─ 📝 computed-signals-guide.md Markdown 222L · 5.0 KB

│ ├─ 📝 field-presets.md Markdown 281L · 6.9 KB

│ ├─ 📝 strategy-templates.md Markdown 235L · 5.8 KB

│ └─ 📝 tvscreener-api-guide.md Markdown 174L · 4.5 KB

├─ ▾ 📁 scripts

│ ├─ ▾ 📁 tests

│ │ ├─ 🐍 __init__.py Python 0 B

│ │ ├─ 🐍 test_screen.py Python 135L · 3.9 KB

│ │ └─ 🐍 test_signal_engine.py Python 191L · 5.9 KB

│ ├─ 📄 requirements.txt Text 4L · 58 B

│ ├─ 🐍 screen.py Python 125L · 4.5 KB

│ ├─ 🐍 screener_constants.py Python 88L · 2.9 KB

│ ├─ 🐍 signal_engine.py Python 169L · 5.5 KB

│ └─ 🐍 signal_types.py Python 173L · 5.5 KB

├─ ▾ 📁 state

│ └─ ▾ 📁 signals

│ ├─ 📋 golden-cross.yaml YAML 35L · 728 B

│ ├─ 📋 oversold-bounce.yaml YAML 36L · 766 B

│ └─ 📋 volume-breakout.yaml YAML 37L · 772 B

├─ 📋 _meta.json JSON 11L · 292 B

├─ 🔧 install.sh Shell 51L · 1.2 KB

└─ 📝 SKILL.md Markdown 120L · 3.8 KB

Dependencies 4 items

Package	Version	Source	Known Vulns	Notes
`tvscreener`	`>=0.2.0`	pip	No	Public TradingView API wrapper
`pandas`	`>=2.0.0`	pip	No	Standard data analysis library
`pyyaml`	`>=6.0`	pip	No	Uses yaml.safe_load for YAML parsing
`pytest`	`>=7.0.0`	pip	No	Development dependency only

Security Positives

✓ No credential harvesting or environment variable access

✓ No shell execution or subprocess calls

✓ No file writes to sensitive paths

✓ No base64 encoding or obfuscation

✓ Expression validation with blocked keywords and df.eval() sandboxing

✓ Clean, documented market data operations only

✓ No external data exfiltration

✓ Proper test coverage validates behavior

Scan Report

Findings 1 items

File Tree

Dependencies 4 items

Security Positives