Akshare Fund
v1.0.0基金量化数据分析工具,基于AkShare库获取公募基金净值、持仓、估值等数据。用于基金查询、持仓分析、业绩追踪。
⭐ 0· 529·0 current·0 all-time
byBin F@bingobinf
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
high confidencePurpose & Capability
Name/description, SKILL.md usage examples, and the Python code all consistently implement fund queries, holdings aggregation, and valuation using the akshare and pandas libraries. There are no unrelated env vars, binaries, or capabilities requested.
Instruction Scope
Runtime instructions tell the agent to run fund_cli.py with various subcommands; the code performs network requests via AkShare to public data sources, reads/merges returned tables, and prints results. The instructions do not ask the agent to read user files, secrets, or other unrelated data.
Install Mechanism
No install spec is provided; the script exits with a user-facing message asking to pip install akshare and pandas. This is low risk but means the user must install third‑party Python packages (preferably in a virtualenv). AkShare itself will make network requests to external data providers.
Credentials
The skill declares no required environment variables, credentials, or config paths. The code does not attempt to access secrets or system config. Network access to fetch market/fund data is proportional to the stated functionality.
Persistence & Privilege
Skill is not always-on, is user-invocable, and does not request elevated or persistent system privileges. It does not modify other skills or system-wide agent settings.
Assessment
This skill appears coherent with its description, but consider the following before installing: 1) The script depends on third‑party Python packages (akshare, pandas). Install them in a virtualenv and review their versions and provenance (pip package metadata, project homepage) because these packages will make network calls and may have additional dependencies. 2) The code makes live network requests to public data sources via AkShare — expect outbound traffic and potential changes if source sites change. 3) Metadata inconsistencies (registry vs. _meta.json ownerId/version differences) and a hard-coded default year (2025) look like minor packaging bugs — not malicious but worth noting. 4) Do not treat outputs as financial advice. If you need stronger assurance, request the package's origin (source repo/homepage), a full code review, or run it in an isolated environment first.Like a lobster shell, security has layers — review code before you run it.
latestvk972xskx5vhd6nj8yqy2fd30g5832a73
License
MIT-0
Free to use, modify, and redistribute. No attribution required.