astock-report
Verdict: Suspicious. Audited by ClawScan on May 10, 2026.
Overview
The stock-report automation is mostly coherent, but it appears to expose or under-declare API/webhook credentials, so it should be reviewed before installation.
Install only after the maintainer removes and rotates the exposed mkt_api_key, declares all required WeCom/MX/Tushare credentials, and you verify the webhook destination and cron schedules. Use a dedicated low-privilege webhook/API key rather than a personal or shared production credential.
Findings (5)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
An API key may be leaked or reused, and the user may unknowingly run a skill containing someone else's credential.
The static scan flags this SKILL.md line as a hardcoded API secret or token. A credential embedded in a skill artifact can be exposed to anyone who can view or install it.
mkt_api_key = [REDACTED]
Remove the hardcoded key, rotate/revoke any exposed secret, and require users to provide their own declared credential via env var or config.

The skill can use local credentials to send reports to a WeCom webhook and access provider APIs.
The skill reads local/env credentials for WeCom webhook delivery and market-data providers. This is purpose-aligned, but it is more sensitive than the registry's 'Primary credential: none' declaration suggests.
KEYS_DIR = "/workspace/keys" ... "WECOM_WEBHOOK_KEY" ... "TUSHARE_TOKEN" ... os.environ.get("MX_APIKEY", "")
Use dedicated, least-privilege keys; verify /workspace/keys contents; and declare required credentials in metadata.

If the external helper is missing or tampered with, credential handling and webhook posting could behave differently than the reviewed code.
The cron prompt imports a credential helper from outside the supplied skill package. This is plausible credential plumbing, but the referenced external helper is not reviewed in the provided artifacts.
sys.path.insert(0, "/workspace/keys") from keys_loader import get_webhook_url
Prefer the included reviewed loader, or verify and protect the external /workspace/keys/keys_loader.py file before enabling automation.

Reports or alerts may be pushed to the configured WeCom channel automatically.
The prompt tells the agent to run local scripts and post the generated report to a webhook. This matches the automation purpose, but it is still direct tool use that can send messages without a human preview.
subprocess.run(["python3", "/workspace/skills/a-stock-report/scripts/send_close_summary.py"], ...) ... ["curl", "-s", "-X", "POST", get_webhook_url(), ...] 直接执行,不解释。 (Execute directly; do not explain.)
Test with a private webhook or dry run first, and enable scheduled pushes only after confirming the destination and content.

The skill may continue running and posting on its schedule until the jobs are disabled.
The skill documents recurring cron-style execution, including frequent intraday alert checks. This is disclosed and aligned with the report/alert purpose, but it is persistent autonomous activity.
盘中预警 (Intraday alert) | 交易时段每5分钟 (every 5 minutes during trading hours) ... wakeMode | now
Review all installed cron jobs, confirm the schedule is wanted, and document how to disable or remove the jobs.
