tushare
AdvisoryAudited by Static analysis on Apr 30, 2026.
Overview
No suspicious patterns detected.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
The agent may use your Tushare account token to query financial data and access interfaces allowed by your Tushare credit level.
The skill requires a personal Tushare service token. This is expected for Tushare Pro access and no leakage or unrelated credential use is shown, but it is still an account credential.
Token Required: Register at https://tushare.pro and obtain your personal Token from the User Center.
Use an environment variable or secure secret store for the token, avoid pasting real tokens into shared code or chats, and verify which Tushare data permissions your account has.
Installing later package versions may introduce changes outside the reviewed artifact text.
The skill depends on PyPI packages with lower-bound versions rather than pinned exact versions. This is normal for a Python API helper, but future package changes could affect behavior.
tushare>=1.3.0 pandas>=1.5.0
Install from trusted package indexes and consider pinning exact dependency versions in controlled or production environments.