Tushare Finance Jarvis
PassAudited by ClawScan on May 10, 2026.
Overview
This appears to be a coherent Tushare market-data skill, with expected notes around using a Tushare token, running local Python, and installing Python packages.
This skill looks safe for its stated purpose if you are comfortable using Tushare. Configure your Tushare token carefully, prefer a virtual environment for package installation, and review any Python commands or file exports before running them.
Findings (3)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Your Tushare token may be used to make data requests against your Tushare account or quota.
The skill uses a Tushare account token to access the provider API. This is expected for the stated purpose, but the token authorizes API usage and should be handled as a credential.
配置环境变量:`export TUSHARE_TOKEN="your_token"`
Use the token only in a trusted local environment, avoid pasting it into chat, and remove it from shared shell profiles or machines.
The agent may run Python code in your environment to fetch and process market data.
The skill can run local Python commands and read files. This is aligned with querying Tushare and processing pandas DataFrames, but it is still local execution authority.
allowed-tools: - Bash(python:*) - Read
Review generated Python commands before allowing them to run, especially if they write files, install packages, or process local data.
Installed package versions may change over time and affect behavior or reproducibility.
The setup instructions pull external Python packages from the package ecosystem. This is expected for a Tushare Python skill, but the command does not pin exact package versions.
pip install tushare pandas
Install in a virtual environment and consider pinning package versions if you need reproducible or higher-assurance use.