ClawHub

China Stock Market Shanghai Shenzhen Index

v1.0.0

Get China A-share market data (Shanghai/SH and Shenzhen/SZ) via FinanceAgent on OneKey Gateway.

0· 63·0 current·0 all-time
by@ai-hub-admin
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
The name/description (fetch China SH/SZ market data) matches the declared runtime behavior: it requires a OneKey Gateway access key and calls the FinanceAgent API. The env var DEEPNLP_ONEKEY_ROUTER_ACCESS is appropriate for this gateway-based integration.
Instruction Scope
SKILL.md only instructs setting the OneKey access key, using the provided npm package or calling the documented endpoint (agent.deepnlp.org) with the appropriate payload. It does not request unrelated files, system configuration, or other credentials.
Install Mechanism
The skill is instruction-only (no code files), but SKILL.md lists a dependency (@aiagenta2z/onekey-gateway) and an npm -g install command. The registry metadata indicated 'No install spec', creating a minor inconsistency. Installing a third-party npm package globally can execute arbitrary code from that package — verify the package source, version, and trustworthiness before installing and prefer non-global or ephemeral usage (npx) if possible.
Credentials
Only one environment variable (DEEPNLP_ONEKEY_ROUTER_ACCESS) is required and is directly relevant to connecting to the OneKey Gateway. No other secrets, keys, or config paths are requested.
Persistence & Privilege
The skill does not request 'always:true' or other elevated persistence. It is user-invocable and allows autonomous invocation by default (platform default), which is expected for skills.
Assessment
This skill appears coherent for fetching China market data via the OneKey Gateway. Before installing or running the suggested npm command: (1) verify the npm package @aiagenta2z/onekey-gateway on the npm registry or its repository to ensure it is legitimate; (2) avoid global installation when possible (use npx or a local install) to reduce risk; (3) use a least-privileged OneKey access key (read-only if supported) and confirm you trust the endpoint (https://agent.deepnlp.org) before sending your credentials; (4) if you cannot verify the npm package or gateway, do not install and consider contacting the publisher for provenance.

Like a lobster shell, security has layers — review code before you run it.

latestvk973benh60vzc0rq3tw6atvj8h83xta8

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments