Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Hk Ipo Research Assistant

v0.1.1

港股 IPO 打新研究助手。抓取实时数据(孖展、基石、评级、暗盘、A+H折价、中签率),供 AI 分析判断。 触发词:港股打新、新股分析、IPO、孖展、保荐人、暗盘、中签率、基石投资者。 不适用:A 股打新、美股 IPO、基金申购。

1· 734·7 current·7 all-time
bym3@marvae
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description match the implementation: the package contains adapters and CLI commands for fetching IPO-related data (AiPO, AAStocks, HKEX, Futu, TradeSmart, Jisilu), analytics (allotment prediction, A+H comparison), and helper references. The requested actions (pip install, run python scripts/hkipo.py) are proportionate to the stated purpose.
Instruction Scope
SKILL.md directs installing Python deps and running the bundled CLI. Runtime behavior (HTTP requests to third‑party public data sites, parsing HTML/JSON, generating predictions, reading/writing scripts/config/user-profile.yaml, caching) is within scope. The skill reads/writes only files inside its directory (scripts/config/, cache files) and does not instruct reading arbitrary system files or environment variables. It does request the user to enter a user profile (capital, risk, margin, broker) which is saved locally.
Install Mechanism
No platform package manager install spec; SKILL.md requires 'pip install -r scripts/requirements.txt'. Installing Python dependencies is expected for a Python CLI but introduces normal supply-chain risk (pip packages). The requirements.txt file is included in the bundle; users should inspect it before pip install or use an isolated virtualenv. No direct downloads from untrusted URLs were seen in the skill files themselves.
Credentials
The skill declares no required environment variables, no credentials, and no external config paths. All network calls target public data providers needed for market data (see note). It does not request AWS/GitHub/other unrelated keys.
Persistence & Privilege
always:false and default invocation behavior. The skill persists local caches and a user profile under scripts/, which is reasonable for this tool. It does not modify other skills or system-wide agent settings.
Scan Findings in Context
[http_client_usage] expected: The code uses httpx and WebSocket/HTTP connections to fetch data from aipo.myiqdii.com, aastocks.com, hkex (disclosure site), sinajs/qt.gtimg (Tencent/Sina), futu/tradesmart endpoints — all consistent with collecting market/IPO data.
[writes_user_config] expected: The SKILL.md and code write/read scripts/config/user-profile.yaml to store user risk/capital settings; this is expected for personalization.
[pip_install_requirements] expected: SKILL.md instructs installing requirements via pip (scripts/requirements.txt). This is normal, but pip install carries standard dependency risk—inspect the requirements list before installing.
Assessment
This skill appears coherent and implements what it claims: it scrapes public IPO data sources and provides CLI analysis. Before installing, take these precautions: (1) inspect scripts/requirements.txt and run pip inside an isolated virtualenv or container; (2) review the network endpoints the tool will call (aipo.myiqdii.com, aastocks.com, hkex, sinajs/qt.gtimg, futu, tradesmart, etc.) to ensure you are comfortable with outbound connections; (3) be aware the tool will write local cache and a user profile under scripts/ (scripts/config/user-profile.yaml); (4) if you use private credentials for any broker APIs later, check whether the code ever adds new environment variable requirements — currently none are requested. If you want extra assurance, run the CLI in a read-only or sandboxed environment and audit scripts/cache.py and scripts/requirements.txt before use.

Like a lobster shell, security has layers — review code before you run it.

latestvk97e9wvfpcs9tad27zcvjwd4md820x5p
734downloads
1stars
6versions
Updated 7h ago
v0.1.1
MIT-0

港股打新研究助手

数据来自第三方公开网站,不构成投资建议。

安装依赖

首次使用前安装 Python 依赖:

cd <skill_dir>
pip install -r scripts/requirements.txt

需要 Python 3.10+。

调用方式

所有命令通过 Python 调用:

cd <skill_dir>
python3 scripts/hkipo.py <命令> [参数]

以下文档中的命令(如 overviewanalyze 02692)都省略了前缀,实际调用时加上 python3 scripts/hkipo.py

快速开始

cd <skill_dir>

# 当前招股一览
python3 scripts/hkipo.py overview

# 一键分析(聚合多维度数据)
python3 scripts/hkipo.py analyze 02692

# 单只股票分项查询
python3 scripts/hkipo.py aipo ipo-brief 02692        # 基本信息
python3 scripts/hkipo.py aipo margin-detail 02692    # 孖展明细
python3 scripts/hkipo.py aipo cornerstone 02692      # 基石投资者
python3 scripts/hkipo.py aipo rating-detail 02692    # 机构评级

完整命令清单

概览类

命令说明
overview当前招股 IPO 一览(格式化输出)
calendar资金日历,按截止日期分组
analyze <代码>一键分析(聚合基本面+孖展+基石+评级+保荐人历史)
profile用户画像 + 当前 IPO 数据(读取用户画像,输出当前 IPO 数据供 AI 分析)

AiPO 数据(主力数据源)

命令说明
aipo margin-list孖展列表(当前招股)
aipo margin-detail <代码>单只孖展明细(13+券商)
aipo rating-list新股评级列表
aipo rating-detail <代码>单只评级明细(各机构打分)
aipo ipo-brief <代码>IPO 基本信息(保荐人、发行价、市值、PE)
aipo cornerstone <代码>基石投资者(名单、金额、锁定期、解禁日)
aipo placing <代码>配售结果

暗盘数据

命令说明
aipo grey-list暗盘历史列表
aipo grey-today今日暗盘
aipo grey-trades <代码> --date YYYY-MM-DD暗盘成交明细
aipo grey-prices <代码> --date YYYY-MM-DD暗盘分价表
aipo grey-placing <代码>暗盘配售详情
aipo allotment中签结果列表
aipo scroll市场滚动消息

排名统计

命令说明
aipo bookrunner-rank --start-date --end-date账簿管理人排名
aipo broker-rank --start-date --end-date券商参与度排名
aipo stableprice-rank --start-date --end-date稳价人排名
aipo summary --year 2025年度 IPO 统计
aipo performance --year 2025年度表现统计
aipo by-office --year 2025按注册地统计

历史数据(集思录)

命令说明
jisilu list历史 IPO 列表(表格)
jisilu list --json历史 IPO 列表(JSON)
jisilu list --sponsor XX按保荐人筛选
jisilu detail <代码>单只历史详情

估值计算

命令说明
ah compare <代码> --price <发行价> --name <名称>A+H 折价计算

中签率预测

命令说明
odds --oversub <倍数> --price <价格>中签率表格(甲/乙组各档)
allotment --oversub <倍数> --price <价格>单次中签率预测

其他数据源

命令说明
hkex active港交所活跃申请(含招股书链接)
tradesmart listTradeSmart 数据
futu list富途历史数据

市场情绪判断

命令说明
hsi恒生指数当日表现(大盘情绪)
sponsor保荐人历史排名(胜率、平均首日表现)
sentiment sponsor-search --name <名称>查特定保荐人战绩
etnet list保荐人排名(经济通数据,备用)
etnet search --name <名称>查保荐人(经济通数据)

结合以下数据综合判断:

  • 大盘情绪:HSI 涨跌反映整体风险偏好
  • 保荐人战绩:胜率 >80% 的保荐人历史表现更好
  • 孖展金额:>50亿热门,>100亿爆款
  • 数据源 Fallback:AASTOCKS 挂了自动切换 etnet

输出格式

  • 默认 JSONaipojisilu --jsonah compare
  • 格式化文本overviewcalendaroddsjisilu list
  • --format table:aipo 命令可切换表格输出

分析要点

详见 references/analysis-guide.md,核心:

  • 市场热度:孖展 >50亿 热门,>100亿 爆款
  • 基石投资者:数量 + 质量 + 锁定期
  • 保荐人:用 jisilu list --sponsor 查历史战绩
  • 估值:PE 对比同行,A+H折价 >30% 有安全边际
  • 中签率
    1. margin-detail 获取 oversubscription_forecast(预测超购倍数)
    2. ./hkipo odds --oversub <倍数> --price <发行价> 生成表格
    3. 把表格给用户,让用户根据本金自己决定打几手

用户画像

使用 profile 命令

  1. 运行 ./hkipo profile
  2. 如果没有配置,输出会告诉你需要问用户哪些问题
  3. 问用户:本金、风险偏好、是否用孖展、券商
  4. 把答案写入 scripts/config/user-profile.yaml
  5. 再次运行 profile 获取数据

配置文件 (scripts/config/user-profile.yaml):

capital: 22000           # 港币
risk: conservative       # conservative/balanced/aggressive
margin: never            # never/cautious/active
broker: longbridge

详细参考

  • references/analysis-guide.md — 分析框架详解
  • references/ipo-mechanism.md — 机制详解(回拨、红鞋、绿鞋)
  • references/aipo-api.md — AiPO API 完整文档

Comments

Loading comments...