Datayes 宏观指标
v1.0.0查询 Datayes/通联的宏观与行业指标数据。用户询问 GDP、CPI、PPI、PMI、M2、社融、利率、就业、贸易、产量、价格等宏观或行业时间序列时使用。优先通过仓库内 Python 脚本搜索候选指标并拉取明细,不要手写 HTTP 请求。
⭐ 0· 25·0 current·0 all-time
by@datayes
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
high confidencePurpose & Capability
Name/description match the code and runtime requirements: the skill is a Datayes macro-indicator fetcher, requires only python3 and DATAYES_TOKEN, and its code calls Datayes API endpoints. There are no unrelated credentials, binaries, or config paths requested.
Instruction Scope
SKILL.md instructs running the bundled Python script and to read DATAYES_TOKEN from the environment (matches the code). One minor inconsistency: the docs state that only Datayes trusted domains are allowed, but the code's ALLOWED_HTTP_HOSTS also includes api.wmcloud.com (a non-datayes domain). This may be intentional (a data source/datayes partner), but you should confirm whether that host is acceptable for your token to be sent to.
Install Mechanism
No install spec; this is instruction-plus-scripts only. The code is run directly with python3 and nothing is downloaded or written by an installer.
Credentials
The skill requires a single environment variable (DATAYES_TOKEN) which is appropriate for calling Datayes APIs. The script reads only DATAYES_TOKEN for authorization and does not request other secrets.
Persistence & Privilege
always is false, the skill is user-invocable, and it doesn't request persistent system-wide configuration or modify other skills. It does not require elevated privileges.
Assessment
This skill appears to do what it says: run the included Python script which uses DATAYES_TOKEN to call Datayes APIs. Before installing, confirm that you are comfortable providing DATAYES_TOKEN to this code and that the token is revocable/limited in scope. Review the allowed host list in scripts/datayes_macro.py — it includes api.wmcloud.com in addition to Datayes domains; if you only want Datayes domains to ever receive the token, ask the author to remove or justify that host. Run the bundled tests locally and use a scoped or revocable token (not a long-lived high-privilege credential). If you share your environment or CI with others, avoid placing the token in a globally persistent env variable.Like a lobster shell, security has layers — review code before you run it.
latestvk97aascdrpe3qns10k8x7xz31d84edwc
License
MIT-0
Free to use, modify, and redistribute. No attribution required.
Runtime requirements
Binspython3
EnvDATAYES_TOKEN