ClawHub

itick-stock-quote

v1.0.0

查询股票实时盘中行情、股票信息等功能。支持HK(港股)、SH(上证)、SZ(深证)、US(美股)、SG(新加坡)、JP(日本)、TW(中国台湾)、IN(印度)、TH(泰国)、DE(德国、MX(墨西哥)、MY(马来西亚)、TR(土耳其)、ES(西班牙)、NL(荷兰)、GB(英国)等,可获取实时报价和深度行情(买卖盘...

1· 464·1 current·1 all-time
by@chnmasterog
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Skill name/description (real-time stock quotes via itick.org) matches the declared requirement for a single ITICK_API_TOKEN and the SKILL.md shows curl calls to api.itick.org endpoints — this is proportionate. Note: the package/source has no homepage or external provenance information in the manifest; you may want to verify the itick.org service before trusting the token.
Instruction Scope
SKILL.md contains explicit curl examples for specific itick.org endpoints and instructs the agent to use the ITICK_API_TOKEN environment variable. It does not instruct reading unrelated files, filesystem paths, or other environment variables, nor does it attempt to exfiltrate data to unexpected endpoints.
Install Mechanism
This is an instruction-only skill with no install spec and no code files; nothing is downloaded or written to disk by the skill itself, which lowers installation risk.
Credentials
Only a single environment variable (ITICK_API_TOKEN) is required and declared as the primary credential. That is appropriate for an API-based stock-quote integration and matches the SKILL.md usage. No unrelated secrets are requested.
Persistence & Privilege
The skill is not always-enabled and has no install scripts or requests to modify other skills or system-wide settings. Model invocation is enabled (the platform default) but that is expected for a usable integration and is not combined with other red flags here.
Assessment
This skill appears coherent: it simply calls api.itick.org and expects one API token. Before installing, confirm you trust the itick.org service (there is no homepage/source link in the manifest). Treat ITICK_API_TOKEN as a secret — do not paste it into chat — and supply it via your platform's secure env mechanism. Consider creating a least-privilege or read-only token if supported, monitor/rotate the token periodically, and revoke it immediately if you see unexpected requests. Because the skill can be invoked by the agent, ensure you only grant the token to agents you trust and review audit/network logs for unusual activity.

Like a lobster shell, security has layers — review code before you run it.

latestvk970f998rc3bb4gvnxsdd40yc182erxk

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

🗠 Clawdis
EnvITICK_API_TOKEN
Primary envITICK_API_TOKEN

Comments