mx_financial_assistant
v1.0.1基于东方财富权威金融数据库,打造覆盖"数据-资讯-知识-分析-决策"全链条的智能问答服务。通过自然语言交互, 为用户提供从基础金融知识科普到专业投资研究支持的全方位解决方案,实现"一问即达"的高效金融信息获取体验。 涵盖七大核心能力:全市场金融数据实时查询(A港美股、基金、债券)、全网财经资讯智能检索(公告、研报...
⭐ 3· 3.2k·1 current·1 all-time
byFinancial AI Analyst@financial-ai-analyst
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
high confidencePurpose & Capability
The skill claims to be a financial Q&A client for 东方财富 and the included script posts queries to an EastMoney AI endpoint using an EM_API_KEY environment variable — this is coherent. Note: the package has no public homepage or source repo listed (provenance metadata is minimal), which is worth verifying before trusting production credentials.
Instruction Scope
SKILL.md instructs the agent to run scripts/generate_answer.py with a query and optional deep-think flag. The script only reads the EM_API_KEY, the question, and calls the documented EastMoney API; it does not access other files, other environment variables, or other external endpoints.
Install Mechanism
The skill requires the Python httpx package (declared in SKILL.md metadata) — a modest dependency. Registry metadata at the top-level indicated 'No install spec' earlier, while SKILL.md includes an install entry for pip/httpx; this minor inconsistency in where the install is declared should be clarified but is not itself a security risk. No downloads from untrusted URLs or archive extraction are present.
Credentials
Only one credential (EM_API_KEY) is required and the script uses it exclusively to authenticate requests to the EastMoney endpoint. There are no unrelated SECRET/TOKEN/PASSWORD env vars requested.
Persistence & Privilege
The skill does not request always:true, does not modify system or other skills' configurations, and has no persistent or elevated privileges beyond network access for the API call.
Assessment
This skill appears to do what it says: it sends user queries to an EastMoney AI endpoint using EM_API_KEY and returns the response. Before installing: 1) Confirm the EM_API_KEY you provide is scoped only to the needed service and not a general/privileged credential. 2) Verify the skill publisher or origin (there is no homepage or repo listed) — if uncertain, run in a sandbox first. 3) Monitor network usage and rotate the key after testing. 4) Ensure you are comfortable that queries (and any sensitive text you send) will be transmitted to EastMoney's API. If you need stronger assurance, request the author's source repo or sign-off from a known vendor before using in production.Like a lobster shell, security has layers — review code before you run it.
latestvk974qssmbejjdgkaafe812xt15844bwp
License
MIT-0
Free to use, modify, and redistribute. No attribution required.
Runtime requirements
EnvEM_API_KEY