stock-rumors-zh
PassAudited by ClawScan on May 10, 2026.
Overview
This skill appears to be a straightforward AISA-based market-rumor report generator, with expected API-key and external-service use but no evidence of trading, persistence, or local data access.
Before installing, confirm you trust AISA and the configured API endpoint, use a dedicated API key if possible, and treat the generated market-rumor report as unverified information rather than financial advice.
Findings (3)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Running the skill may consume AISA API quota or expose queries under the user's AISA account.
The script uses the AISA API key to authenticate to the provider, which is expected for this integration but still gives the skill delegated access to a paid or private API account.
api_key = os.environ.get("AISA_API_KEY") ... return OpenAI(api_key=api_key, base_url=base_url)Use a dedicated, least-privileged AISA key if available, monitor API usage, and rotate the key if it is exposed.
Ticker interests, prompts, and the API key are sent to the configured endpoint; a misconfigured endpoint could receive that information.
The script sends the request to an external AISA-compatible API endpoint, and the destination can be changed with an environment variable.
base_url = os.environ.get("AISA_BASE_URL", "https://api.aisa.one/v1")Leave AISA_BASE_URL unset unless intentionally using a trusted compatible endpoint, and avoid including sensitive personal trading strategy details in prompts.
Dependency resolution may install a newer OpenAI SDK version than the author tested.
The script relies on an external Python package with a broad version range, while the skill has no separate install spec or lockfile.
# dependencies = [ # "openai>=1.0.0", # ]
Install dependencies from trusted package sources and consider pinning or reviewing the exact OpenAI SDK version used.