ClawHub

cn-hk-dividend-fhpg-api

v1.0.2

基于服务端 HTTP API 查询中国A股分红配股与港股分红数据(含股息率)。用户提到A股、港股、分红、派息、股息率、分红配股等需求时使用本技能。

0· 144·0 current·0 all-time
by@funkygod
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description (CN/HK dividend data) align with the instructions: the SKILL.md describes mapping user queries to structured HTTP requests against a dividend/fhpg REST API and only claims dividend/配股 functionality (explicitly excludes financial statement data). No unrelated binaries, credentials, or config paths are requested.
Instruction Scope
Runtime instructions direct the agent to translate user intent into queries and call specific REST endpoints (e.g., /api/v1/hk-stock/dividend, /api/v1/cn-stock/fhpg). This is expected for the stated purpose. However, the default Base URL is http://vi-money.com/ (plain HTTP, unverified third-party host). The doc recommends overriding via STOCK_API_BASE_URL, but if left as-is user queries (including tickers and possibly user-supplied context) would be sent in cleartext to that host — verify trustworthiness and prefer HTTPS or a self-hosted/trusted endpoint.
Install Mechanism
Instruction-only skill with no install spec and no code files; nothing is written to disk and no packages are pulled. This is the lowest install risk.
Credentials
The skill requests no credentials and only suggests an optional STOCK_API_BASE_URL env var to override the service URL. This is proportionate. Note: because calls are unauthenticated by default, the remote service will receive all query content — ensure that is acceptable for your privacy requirements.
Persistence & Privilege
always is false and the skill does not request persistent privileges, nor does it instruct changes to other skills or system configuration. Autonomous invocation is allowed (platform default) and appropriate for an API-backed data skill.
Assessment
This skill appears to do what it says: convert user questions about CN/HK dividends into HTTP calls to a read-only API and summarize results. Because the default API base URL is http://vi-money.com/ (HTTP, unverified), you should: (1) prefer setting STOCK_API_BASE_URL to an HTTPS endpoint you trust or self-host the API backend; (2) avoid sending sensitive or proprietary text you don't want shared to an untrusted service; (3) confirm the API's data freshness and provenance before making investment decisions; and (4) follow the developer checklist in SKILL.md if you plan to enable or extend this skill (e.g., implement TLS, rate-limiting, and any needed auth for upstream data sources). Overall coherence is good, but verify the remote host and use HTTPS/trusted endpoint to reduce privacy risk.

Like a lobster shell, security has layers — review code before you run it.

latestvk976x6aapqqvtjn34b4mcd05bh833khrv1.0.0vk979fvsxgfhh1ev6kad29xh5gs833f2b

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments