Global Macro Database Assistant

Pass

Audited by ClawScan on May 1, 2026.

Overview

The skill appears purpose-aligned for querying Eastmoney macroeconomic data, but users should notice that it uses an API key, installs a Python dependency, and may perform bounded follow-up checks for completeness.

Before installing, make sure you trust the Eastmoney service and the skill publisher, provide only a revocable EM_API_KEY, expect queries to be sent to the provider, and monitor any repeated completeness retries if API usage or quota matters.

Findings (3)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

The agent may read the generated CSV files and make additional API calls before responding, which can increase latency or consume API quota.

Why it was flagged

The skill tells the upper agent to use code/file-reading capability and make iterative follow-up calls. This is bounded and related to completeness, but it expands the action sequence beyond a single query.

Skill content

Use the planning engine's built-in code execution capability (such as a Python Sandbox) to read the CSV ... call `mx_macro_data` again ... maximum of 5 retries

Recommendation

Keep retries within the documented limit, restrict file reads to files generated by this skill, and ask the user before broadening the query scope or using paid/limited API quota.

What this means

Anyone installing the skill must provide an Eastmoney API key, and calls made by the skill may count against that account or quota.

Why it was flagged

The code reads an environment API key and sends it as an authentication header. This is expected for the Eastmoney API integration, but it is still credential use.

Skill content

EM_API_KEY = os.environ.get("EM_API_KEY", "") ... "em_api_key": EM_API_KEY

Recommendation

Use a scoped and revocable API key, avoid sharing it in prompts or logs, and rotate it if it may have been exposed.

What this means

Installing the dependency pulls code from the Python package ecosystem, which may vary over time if versions are not pinned.

Why it was flagged

The skill depends on the external Python package httpx without a pinned version. This is a normal, purpose-aligned dependency for HTTP requests, but upstream dependency changes can affect behavior.

Skill content

"package": "httpx" ... pip3 install httpx --user

Recommendation

Install from a trusted package index and consider pinning a reviewed httpx version in controlled environments.