a-share-analysis

Security checks across malware telemetry and agentic risk

Overview

This appears to be a coherent A-share stock analysis/reporting skill, but users should be aware of its local persistence, optional external API credentials, package setup, and financial-advice-style outputs.

Before installing, make sure you trust the publisher/source, run the Python scripts in a virtual environment, decide whether to enable Firecrawl/OpenAI credentials, and periodically review or clear generated reports and memory files. Treat all investment recommendations as informational and verify them independently.

VirusTotal

VirusTotal findings are pending for this skill version.


Risk analysis

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

ASI04: Agentic Supply Chain Vulnerabilities
Low
What this means

Installing packages can introduce third-party code into the local Python environment.

Why it was flagged

The documented setup installs unpinned Python dependencies. This is common and purpose-aligned for the reporting scripts, but users should verify the environment and dependency sources.

Skill content
pip install requests reportlab
Recommendation

Install in a virtual environment, pin versions if possible, and review dependency sources before running the scripts.

ASI03: Identity and Privilege Abuse
Low
What this means

If enabled, provider API keys may be used and billed according to those services' rules.

Why it was flagged

The skill may use optional provider credentials for news sentiment and memory search. This is expected for those integrations, and the artifacts do not show hardcoded keys or credential leakage.

Skill content
Optional
- Firecrawl API key (news sentiment analysis)
- OpenAI API key (Elite Memory vector search)
Recommendation

Use limited-scope keys where possible, do not paste secrets into prompts, and revoke keys if you no longer need the integration.

ASI06: Memory and Context Poisoning
Low
What this means

Past reports and recommendations may remain on disk and could be reused in later analyses.

Why it was flagged

The skill documents persistent storage of generated analyses and updates to memory/context files. This is useful for historical stock analysis but means stale or incorrect analysis can persist.

Skill content
Store each analysis record to `memory/YYYY-MM-DD.md` ... update the active context in `SESSION-STATE.md` ... archive important analyses to `MEMORY.md`
Recommendation

Review and delete old memory/report files when needed, and treat recalled historical analysis as context rather than verified fact.

ASI09: Human-Agent Trust Exploitation
Low
What this means

Users or clients may over-trust generated investment ratings or target prices.

Why it was flagged

The skill presents customer-facing, professional-looking investment reports with ratings and price targets. The artifacts also include disclaimers, so this is a trust/usage note rather than evidence of deception.

Skill content
Investment rating system ... target price / stop-loss price ... Scenario 2: investment-advisor client service ... generate professional reports that can be sent to clients
Recommendation

Use the output as research assistance only, verify data independently, and obtain qualified financial review before relying on or distributing reports.