Eastmoney Trading

Key things to check before installing or running: - The registry metadata does NOT list the env vars the code needs. Expect to set EASTMONEY_ACCOUNT and EASTMONEY_PASSWORD (and possibly EASTMONEY_CDP_URL). Treat those as highly sensitive; use a test account first and never upload real credentials to cloud services. - The script can send captcha screenshots to a third-party LLM OCR endpoint (dashscope.aliyuncs.com) when an API key (BAILIAN_API_KEY, DASHSCOPE_API_KEY, or ALIBABA_CLOUD_API_KEY) is present. If you don't want images/leaked data sent externally, do not set those API keys and audit the code path that calls recognize_captcha_with_llm. - The skill saves logs and screenshots locally by default. Those files can contain sensitive financial data and images of UI screens; secure or regularly purge the logs/screenshots directory, or modify the script to avoid saving sensitive artifacts. - Playwright and pytesseract are required; installing Playwright can pull browser binaries. If you rely on the claimed 'CDP only' mode, verify the code actually avoids downloading/launching new browsers and only connects over CDP. - Run the script in an isolated environment (VM/container) with a test account first to observe network egress (which domains are contacted) and file writes. Review/grep the full script for any additional outgoing endpoints before giving it real account credentials. - If you want to use LLM OCR, prefer using your own trusted API keys and confirm the provider's privacy policy; otherwise disable LLM OCR and rely on local Tesseract. Overall: the functionality aligns with the stated purpose, but undeclared env vars and third-party OCR/network behavior plus default logging of sensitive data are important red flags — proceed only after verifying and hardening those points.