Power terminal for deep financial research on US public equities — reason through investment theses, screen for ideas, map supply chains, do forensic account...
Security Analysis
high confidenceThe skill's code and runtime instructions are internally consistent with its stated purpose (a read-only research client that forwards user queries to a single hardcoded remote API and prints the returned markdown).
Name and description (financial research CLI) match the code and SKILL.md: the script sends the user's question as a JSON POST to a single hardcoded endpoint and streams an SSE response to stdout. Required binaries and declared dependencies (python3, stdlib only) align with the implementation.
The instructions explicitly limit the skill to one POST to a hardcoded endpoint and streaming the response to stdout. This is implemented in query.py. Important caveat: user queries are transmitted to a third-party endpoint (diggr-agent-prod-...run.app). The SKILL.md asserts 'no telemetry,' but the skill cannot prevent that remote service from logging or collecting queries — so treat query content as being sent off-host.
No install spec; the skill is instruction-only with a small Python CLI file included. No downloads, package installs, or extract operations are present.
The skill requests no environment variables or credentials and the code does not read env vars or local config paths. The lack of required secrets is proportional to the described functionality.
always is false and the skill is not requesting persistent presence or modifying other skills/configs. The script is stateless (no local persistence) and only runs when invoked.
Guidance
This skill is coherent and does what it claims: it sends your question to a single hardcoded external API and prints back markdown. Before installing, consider privacy and compliance: any sensitive or proprietary text you enter will be transmitted to that remote endpoint (hosted on Google Cloud Run at diggr-agent-prod-...run.app) and may be logged by the operator even though the SKILL.md states 'no telemetry.' Verify the endpoint/owner (drillr.ai vs the run.app domain), read the service's privacy terms, and avoid entering secrets, credentials, or nonpublic data. If that exposure is acceptable, the skill appears internally consistent.
Latest Release
v1.0.0
drillr-skill 1.0.0 - Initial release with a safe, read-only research agent for deep financial analysis on US public equities. - Supports thesis-driven screening, supply chain mapping, forensic accounting, cross-company data tabulation, earnings call and SEC filing fact lookup, smart money tracking, financial modeling, and event-driven research in plain English. - Handles all US-listed public companies (NYSE, NASDAQ, OTC) via a single endpoint; strictly stateless with no local or persistent access. - Fully Python stdlib implementation — no third-party dependencies or credential handling required. - All responses are streamed as markdown; skill does not write files, spawn processes, or perform side effects.
Popular Skills
Published by @yx9966 on ClawHub
