Back to skill
Skillv1.0.3
ClawScan security
A-Stock Kline Analyzer · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
BenignMar 12, 2026, 11:39 AM
- Verdict
- benign
- Confidence
- high
- Model
- gpt-5-mini
- Summary
- The skill is internally consistent with a Chinese A‑share K‑line analysis tool: it only requires Python and common data/plot libraries, fetches data from Sina/baostock, and the included code matches the described functionality.
- Guidance
- This appears to be a straightforward stock analysis tool. Before running: (1) inspect the bundled Python files (they are provided) and confirm you are comfortable with network requests to hq.sinajs.cn and Baostock; (2) install dependencies inside a virtualenv (avoid --break-system-packages and running as root); (3) if you run batch_analyze, note it will fetch multiple tickers sequentially and make outbound HTTP requests; (4) if you have privacy/security concerns, run the tool in an isolated environment. No hidden endpoints or secret exfiltration were observed in the provided files.
Review Dimensions
- Purpose & Capability
- okName/description, SKILL.md, and the included Python files all consistently implement stock K‑line retrieval (Baostock) and realtime prices (Sina), technical indicators, pattern recognition, reporting and optional plotting. Required binaries and declared Python dependencies align with that purpose.
- Instruction Scope
- okRuntime instructions and example commands only call the included scripts and require typical libs; the code fetches data from hq.sinajs.cn and Baostock and does not read unrelated system files or environment variables. No broad or vague 'gather context' instructions are present.
- Install Mechanism
- noteThis is an instruction‑only skill (no packaged installer). It bundles Python source files and asks the user to pip install baostock/pandas/matplotlib. That is normal for a Python tool, but the SKILL.md suggests using pip with --break-system-packages — prefer installing into a virtualenv to avoid modifying system packages.
- Credentials
- okThe skill declares no required environment variables, and the code does not attempt to read secrets or unrelated credentials. Network access to Sina and Baostock is expected and proportionate to the stated functionality.
- Persistence & Privilege
- okThe skill does not request permanent/always inclusion, does not modify other skills or system settings, and contains no code that attempts to persist credentials or alter agent configuration.