Mx Macro Data
v0.1.0基于东方财富数据库,支持自然语言查询全球宏观经济数据,涵盖国民经济核算、价格指数、货币金融、财政收支、对外贸易、就业民生、产业运行等多个领域,适配各类宏观经济研究、市场分析、政策解读等多元专业场景需求。返回结果包含数据说明及 csv 文件。Natural language query for macroecono...
⭐ 0· 34·0 current·0 all-time
by@akiry09
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
high confidencePurpose & Capability
Name/description claim natural-language macro data queries from 东方财富; the Python script posts to ai-saas.eastmoney.com/proxy/b/mcp/tool/searchMacroData using an EM_API_KEY header and writes CSV/description files. That matches the stated purpose. Minor inconsistency: registry metadata said 'No install spec / instruction-only' while the SKILL.md contains an openclaw 'install' entry for pip (httpx) and a code file (scripts/get_data.py) is included — operationally coherent but metadata bookkeeping is inconsistent.
Instruction Scope
SKILL.md instructions and the script are limited to building a query, calling the EastMoney endpoint, converting returned JSON to CSV, and writing a description text file. The SKILL.md additionally mandates orchestrator-side verification (gap detection and iterative re-calls) which increases orchestration requirements but is within scope for a data-fetching skill. The skill does not instruct reading unrelated system files or other environment variables.
Install Mechanism
No platform-level installer in the registry, but SKILL.md requests pip install httpx (a standard PyPI package). Installing httpx via pip is standard and low-risk. The mismatch between 'no install spec' in registry metadata and the SKILL.md install entry is a bookkeeping inconsistency to be aware of.
Credentials
Only a single environment variable (EM_API_KEY) is required and it is justified: the script places the key in an 'em_api_key' request header to authenticate to EastMoney. There are no other secret/env requests or unrelated credential reads.
Persistence & Privilege
The skill does not request always:true or modify other skills or system-wide config. It writes output files (CSV and description) to a local directory (miaoxiang/mx_macro_data by default) which is expected for a data exporter; this is a normal file-writing behavior and within the skill's scope.
Assessment
This skill appears coherent with its stated purpose, but take these precautions before installing:
- Verify the EM_API_KEY source and scope: ensure the key is issued by the official EastMoney endpoint (https://ai.eastmoney.com/mxClaw), confirm its permissions and that you can revoke/regenerate it.
- Run in an isolated environment (virtualenv, container) when first testing and install httpx there.
- Inspect the included script (scripts/get_data.py) yourself — it posts queries to https://ai-saas.eastmoney.com/proxy/b/mcp/tool/searchMacroData and writes CSV/text files under a local miaoxiang/mx_macro_data folder. If that output location is sensitive, change it or run in a safe working directory.
- Ensure network egress to ai-saas.eastmoney.com is acceptable in your environment and that TLS egress is allowed (the URL uses https).
- Treat EM_API_KEY like any secret: do not embed it in code or logs, and revoke it if you believe it was compromised.
- Note the small metadata inconsistency (registry says no install spec while SKILL.md includes a pip install instruction). Confirm dependency installation (httpx) before running.
If you want, I can summarize the exact network calls and files the script will create or point out any lines in the code you should review closely.Like a lobster shell, security has layers — review code before you run it.
latestvk971t905rgaee9stxf4eydqf21847e6w
License
MIT-0
Free to use, modify, and redistribute. No attribution required.
Runtime requirements
EnvEM_API_KEY