ClawHub

Intelligent Stocks Screener

v1.0.14

基于东方财富数据库,支持通过自然语言输入筛选A港美股、基金、债券等多种资产,支持多元指标筛选,含技术面、消息面、基本面及市场情绪等,可用于全球资产速筛、跨市场监控、投资组合构建、策略回测等场景。返回结果包含数据说明及 csv 文件。Natural language screener for investment...

75· 19.3k·23 current·25 all-time
byFinancial AI Analyst@financial-ai-analyst
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
medium confidence
Purpose & Capability
Name/description: natural-language stocks/funds screener via 东方财富妙想. Declared requirement: EM_API_KEY (妙想 API key). Code references an EastMoney MCP endpoint (ai-saas.eastmoney.com/proxy/...) and constructs query metadata. The requested env var and network calls align with the stated purpose.
Instruction Scope
SKILL.md instructs setting EM_API_KEY, installing httpx, and running scripts/get_data.py or calling query_mx_stocks_screener. The instructions do not ask the agent to read arbitrary local files, unrelated environment variables, or to send data to third-party endpoints outside the EastMoney service. The script writes CSV and description files to a configurable output directory (expected behavior).
Install Mechanism
No installer that downloads arbitrary archives; only a single Python dependency (httpx) is required and the SKILL.md / metadata recommend pip installing it. This is proportionate for making HTTP requests.
Credentials
Only EM_API_KEY is mandatory (plus an optional output-dir env var). That matches the need to authenticate to the EastMoney API. No other secret-like env vars or unrelated credentials are requested.
Persistence & Privilege
always:false and no special filesystem/config paths or modifications to other skills are requested. The skill runs on demand and writes output files only to its configured directory.
Assessment
This skill appears coherent for querying 东财/妙想 screening APIs, but check these before installing: - Confirm the EM_API_KEY you supply is from https://ai.eastmoney.com/mxClaw and is scoped/rotatable; avoid using any high-privilege account key. - Review the rest of the script (the truncated portion) for any unexpected network endpoints or code that reads other local files; the visible code calls a single EastMoney MCP URL which is expected, but the remaining functions (e.g., mcp_single_call_v2) should be inspected to ensure it only sends the query and the API key and does not exfiltrate additional data. - Run the tool in a controlled environment or sandbox if you are uncertain, and avoid embedding the key in logs or shared files; rotate the key after testing. - Because the script writes CSV/description files, ensure the output directory is set to a safe location and that sensitive local data is not inadvertently included in queries you send to the remote API. If you want higher assurance, provide the remainder of scripts/get_data.py so it can be reviewed end-to-end; that could raise confidence to high if it contains only expected HTTP calls and no other data collection.

Like a lobster shell, security has layers — review code before you run it.

Asharevk97b9wy3882g88fzyd7rdhdh6d835c0sStockvk97b9wy3882g88fzyd7rdhdh6d835c0sfinancialvk97b9wy3882g88fzyd7rdhdh6d835c0slatestvk972vvhaws5xkhz9ys9gseybpd8441wqportfoliovk97b9wy3882g88fzyd7rdhdh6d835c0squantvk97b9wy3882g88fzyd7rdhdh6d835c0stradevk97b9wy3882g88fzyd7rdhdh6d835c0s

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

EnvEM_API_KEY

Comments