A股龙虎榜市场数据API接口
AdvisoryAudited by Static analysis on May 13, 2026.
Overview
No suspicious patterns detected.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Stock/date queries and returned market data could be observed or altered on the network; the artifacts do not show local files or credentials being sent.
The client sends requested API calls to an external provider over plain HTTP. This is disclosed and central to the market-data purpose, but the connection is not encrypted.
def __init__(self, base_url: str = "http://fffy520.gicp.net:8003"):
Use only non-sensitive queries with this endpoint, avoid sending any API key over plain HTTP unless the provider offers HTTPS, and verify important financial data independently.
If the service requires paid or keyed access, users may need to manage credentials outside the skill and should understand what account information the API exposes.
The documentation references account status, keys, and invalid credentials, while the provided metadata declares no primary credential and the included client does not implement authentication. This is a documentation/credential-scope ambiguity, not evidence of credential misuse.
GET /api/account ... 查询当前的套餐类型、剩余配额和有效期 ... 30次/秒/Key ... 401 | 无效凭证
Confirm the provider's authentication method before use; keep any API key limited to this service and do not provide brokerage, bank, trading, or unrelated account credentials.