Gangtise 数据库
PassAudited by VirusTotal on May 8, 2026.
Overview
Type: OpenClaw Skill Name: gangtise-data Version: 1.4.3 The gangtise-data skill bundle is a legitimate tool designed to fetch structured financial data (quotes, financial statements, valuations, etc.) from the Gangtise Open API (open.gangtise.com). The Python scripts (e.g., financial.py, quote.py, valuation.py) implement standard API authentication using environment variables or a local configuration file, process data using pandas, and save results as CSV files in a designated local workspace. No evidence of data exfiltration, unauthorized execution, or malicious prompt injection was found; the code logic is transparent and strictly aligned with the stated financial analysis purpose.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Anyone installing or running the skill may need to provide Gangtise API credentials that authorize access to the account’s data/API quota.
The skill uses Gangtise access credentials to obtain an authorization token. This is expected for the stated API integration, but users should treat these keys as sensitive.
GTS_ACCESS_KEY = os.getenv("GTS_ACCESS_KEY", None)
GTS_SECRET_KEY = os.getenv("GTS_SECRET_KEY", None)
...
GTS_AUTHORIZATION = get_authorization(GTS_ACCESS_KEY, GTS_SECRET_KEY)Use least-privileged Gangtise API keys if available, prefer environment variables over files when practical, and avoid sharing the scripts/.authorization file.
Running the skill can send requested securities/date ranges to Gangtise and create local CSV files with the returned data.
The skill intentionally runs local Python scripts, calls an external API, and saves results. This is disclosed and central to the skill’s purpose.
本技能在**本机**调用 `scripts/*.py`,请求 **Gangtise Open API**(`open.gangtise.com`),得到**结构化、可保存为 CSV** 的结果
Review the requested securities, date ranges, and any --all-market or securities-file usage before running large queries.
Users must rely mainly on the provided artifacts and registry entry to assess trustworthiness.
The artifact provenance is limited. This does not show malicious behavior, but users have less external context for verifying the package.
Source: unknown Homepage: none No install spec — this is an instruction-only skill.
Install only if you trust the publisher and are comfortable with the reviewed local scripts and Gangtise API access.