astock-report

The skill bundle is a comprehensive A-share financial reporting system that fetches data from various APIs (Tencent, EastMoney, Sina, AKShare) and pushes reports to WeChat Work webhooks. It exhibits several high-risk behaviors, including shell command execution via subprocess.run (using curl to send data), direct filesystem access to read sensitive API keys and webhooks from /workspace/keys, and the use of a self-modifying script (s5_fix.py) to patch other files. While these capabilities appear plausibly necessary for the tool's stated purpose and no clear evidence of malicious intent was found, the combination of shell execution, key handling, and agent instructions to execute code without explanation (close_summary_prompt.txt) warrants a suspicious classification under the provided guidelines.