Czsc Thinking
PassAudited by VirusTotal on May 6, 2026.
Overview
Type: OpenClaw Skill Name: czsc Version: 1.0.0 The skill bundle provides a legitimate framework for financial market analysis based on Chan Theory (缠论). It includes Python scripts (fetch_market_data.py, analyze_czsc_structure.py, and signal_analysis.py) that utilize the well-known 'czsc' and 'tushare' libraries to fetch market data and identify trading signals. The instructions in SKILL.md and documentation in examples/ and references/ are strictly focused on financial analysis methodology and do not contain any malicious prompt injections, data exfiltration attempts, or unauthorized execution patterns.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If you run the data-fetching script, your Tushare token will be used to access Tushare services.
The script requires a user-provided Tushare API token and passes it to a Tushare-configured data client. This is expected for market-data retrieval, but it is still credentialed third-party access.
parser.add_argument('--token', type=str, required=True, help='Tushare API token') ... DataClient(url="https://api.tushare.pro", token=token, cache_path=cache_path, timeout=300)Use a token with only the needed Tushare access, avoid pasting it into shared logs or transcripts, and rotate it if it is exposed.
Running the optional scripts may install and execute third-party library code from your Python package source.
The scripts depend on external Python packages installed manually by the user. This is normal for the stated analysis workflow, but the dependencies are not pinned in the provided install instructions.
pip install czsc tushare pandas
Install dependencies from a trusted Python environment, review package sources/versions if needed, and consider pinning versions before use.