A股龙虎榜市场数据API接口
PassAudited by ClawScan on May 13, 2026.
Overview
This appears to be a read-only market-data API client, but it sends requests to an external plain-HTTP service and the docs mention account/key concepts.
This skill looks proportionate for read-only market-data lookup. Before using it, note that requests go to fffy520.gicp.net over HTTP, avoid sharing credentials or sensitive trading strategies through it, and independently verify data before making financial decisions.
Findings (2)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Stock/date queries and returned market data could be observed or altered on the network; the artifacts do not show local files or credentials being sent.
The client sends requested API calls to an external provider over plain HTTP. This is disclosed and central to the market-data purpose, but the connection is not encrypted.
def __init__(self, base_url: str = "http://fffy520.gicp.net:8003"):
Use only non-sensitive queries with this endpoint, avoid sending any API key over plain HTTP unless the provider offers HTTPS, and verify important financial data independently.
If the service requires paid or keyed access, users may need to manage credentials outside the skill and should understand what account information the API exposes.
The documentation references account status, keys, and invalid credentials, while the provided metadata declares no primary credential and the included client does not implement authentication. This is a documentation/credential-scope ambiguity, not evidence of credential misuse.
GET /api/account ... 查询当前的套餐类型、剩余配额和有效期 ... 30次/秒/Key ... 401 | 无效凭证
Confirm the provider's authentication method before use; keep any API key limited to this service and do not provide brokerage, bank, trading, or unrelated account credentials.