stock-cli
v0.1.1用于股票行情查询与分析的命令行技能。用户提到 stock 命令、股票代码、最新资讯、市场概览、K 线或配置管理时调用。
⭐ 1· 841·4 current·4 all-time
by@anoyix
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
high confidencePurpose & Capability
Name/description (stock CLI for quotes, kline, news, market overview) match the included code. Network requests target finance data providers (qq/gtimg/baidu) and the processing functions (EMA/BOLL/KDJ/RSI) align with the stated features.
Instruction Scope
SKILL.md instructs invoking the 'stock' command for listed scenarios. The runtime code only reads its own configuration file (~/.stock-cli/config.json or path from STOCK_CLI_CONFIG_PATH) and calls finance APIs; it does not instruct reading unrelated system files, scanning the environment for secrets, or exfiltrating data to unexpected endpoints.
Install Mechanism
There is no external install spec that downloads arbitrary archives. Project includes normal Python packaging metadata (pyproject.toml) and source files; dependencies are standard (click, requests). No suspicious remote installer URLs or extract operations are present.
Credentials
The skill requires no credentials and no special env vars. It does honor an optional STOCK_CLI_CONFIG_PATH env var to override its config file location (reasonable for a CLI). No tokens/keys/passwords are requested.
Persistence & Privilege
always:false and autonomous invocation default are normal. The skill writes/reads only its own config under the user's home directory (or path set via STOCK_CLI_CONFIG_PATH) — this is proportional to a CLI that stores user preferences.
Assessment
What to consider before installing:
- This tool makes outgoing HTTP requests to third‑party finance endpoints (qq/gtimg/baidu). If you require an offline or air‑gapped environment, do not install.
- It stores configuration at ~/.stock-cli/config.json by default (can be overridden via STOCK_CLI_CONFIG_PATH). If you are concerned about files created under your home directory, review or sandbox the install first.
- No secrets/credentials are requested by the skill; however, network calls go to public reverse‑engineered endpoints which may change or be rate‑limited. Review the source if you need assurances about which exact endpoints are used.
- Installing the package (pipx/uv tool) will place the CLI entry point on your system; prefer inspecting the code or testing in a virtual environment before a system‑wide install.Like a lobster shell, security has layers — review code before you run it.
latestvk9793zddet4wrtmq91mgqa0s0s82zwfa
License
MIT-0
Free to use, modify, and redistribute. No attribution required.