A股信号 (A-Share Signals)

Security checks across static analysis, malware telemetry, and agentic risk

Overview

This A-share analysis skill is coherent and consent-gated, with only minor notes about optional third-party data tools and package dependencies.

This appears safe to install for stock-analysis use. Before approving optional fallback paths, be aware they may install third-party Python packages and call external market-data APIs; keep queries scoped and avoid sharing private portfolio details unless intended.

Static analysis

No static analysis findings were reported for this release.

VirusTotal

VirusTotal findings are pending for this skill version.

Risk analysis

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

ASI02: Tool Misuse and Exploitation
Low
What this means

If the fallback script is used, it may make external market-data requests and retrieve more public quote data than a single ticker requires.

Why it was flagged

The optional local fallback can call AkShare to retrieve broad public A-share spot data when invoked, even though the main workflow prefers single-stock targeted queries.

Skill content
df = ak.stock_zh_a_spot_em(); ... data = 获取实时行情(); print(json.dumps(data[:5], ensure_ascii=False, indent=2))
Recommendation

Use the mx-skills route first, and only approve the local fallback for a clearly scoped stock symbol or query.

ASI04: Agentic Supply Chain Vulnerabilities
Low
What this means

Installing optional dependencies adds normal package-supply-chain exposure if the user chooses the fallback path.

Why it was flagged

The skill documents optional installation of third-party Python packages for fallback data access; this is consent-gated but not version-pinned in the artifacts.

Skill content
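The local fallback may be enabled only after the user has explicitly consented; once it is enabled, install dependencies such as `akshare` / `baostock` as needed.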
Recommendation

Install optional packages only from trusted environments, consider pinning versions, and avoid using the fallback unless needed.

ASI07: Insecure Inter-Agent Communication
Info
What this means

Stock symbols, analysis questions, and any user-provided context may be sent to the selected finance skills or their data providers.

Why it was flagged

The skill is designed to route stock-analysis requests through other finance skills; this is disclosed and constrained, but it is still an inter-skill data flow users should understand.

Skill content
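The default routing priority is as follows: - Single-stock overall assessment...prefer `mx-financial-assistant` ... Structured fields needed...prefer `mx-finance-data` ... All `mx-skills` requests must be executed strictly serially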
Recommendation

Avoid including confidential portfolio details unless necessary, and confirm which mx-skills or external sources will be used before proceeding.