Intelligent Stocks Screener
PassAudited by ClawScan on May 1, 2026.
Overview
The skill appears coherent and purpose-aligned, but it requires an Eastmoney API key and sends screening queries to Eastmoney before saving local CSV results.
Before installing, confirm you trust the Eastmoney API service, use a revocable API key, avoid entering confidential portfolio or client information in queries, and consider pinning the httpx dependency if your environment requires reproducible installs.
Findings (3)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
The skill can use the configured Eastmoney API credential, which may affect that account's access, quota, or billing depending on the provider terms.
The script reads an Eastmoney API key from the environment for authenticated provider access. This is expected for the stated integration and the visible artifacts do not show hardcoding or logging of the key.
EM_API_KEY = os.environ.get("EM_API_KEY", "")Use a revocable, least-privileged API key where possible, keep it out of prompts and logs, and rotate it if it may have been exposed.
Investment screening criteria, strategy ideas, or portfolio-related text entered into the query may be shared with the external provider.
The code sends the user's natural-language screening query and selected asset type to a remote Eastmoney endpoint, which is aligned with the skill's stated purpose.
MCP_URL = "https://ai-saas.eastmoney.com/proxy/b/mcp/tool/selectSecurity" ... {"query": query, "selectType": selectType}Avoid including confidential client, portfolio, or trading-strategy details unless sharing them with the provider is acceptable under your privacy and compliance requirements.
In controlled environments, installing the latest dependency version can reduce reproducibility and slightly increase supply-chain exposure.
The skill documents installing the public Python package httpx without a pinned version. This is a normal dependency for HTTP API access, but unpinned installs depend on package resolution at install time.
"kind": "python", "package": "httpx" ... pip3 install httpx --user
If installing in a sensitive environment, pin and review the dependency version through your normal package-management process.