leading-stock-analyzer

Pass

Audited by ClawScan on May 7, 2026.

Overview

This appears to be a coherent public-market stock analysis skill, with expected local Python execution, public API calls, and local logs, but no evidence of credential use, exfiltration, or destructive behavior.

Before installing, be aware that this runs bundled Python scripts, contacts public market-data APIs, and stores local logs. Review the package/version because the source is not identified, and treat the stock ratings as informational rather than trading advice.

Findings (4)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

It may be harder to independently verify the origin or update history of the code before installing.

Why it was flagged

The package includes runnable scripts, but the registry metadata does not provide an upstream source or homepage. This is a provenance gap, not evidence of malicious behavior.

Skill content

Source: unknown; Homepage: none; Install specifications: No install spec

Recommendation

Review the bundled scripts, pin the specific version you intend to use, and prefer a trusted source if available.

What this means

Running the skill will execute its Python code, make public market-data requests, and create local runtime artifacts.

Why it was flagged

The skill is designed to run local Python scripts. This execution is disclosed and purpose-aligned, but it is still local code execution from the skill package.

Skill content

Run python3 scripts/main.py or analyze.py to get the score

Recommendation

Run it only in a trusted workspace and inspect the scripts if you need assurance about exactly what will execute.

What this means

Local logs may reveal which stock codes were analyzed and some API/debug information to anyone with access to the workspace.

Why it was flagged

The skill persists structured diagnostic logs containing command arguments, process IDs, API call metadata, and response snippets. This is disclosed and appears limited to diagnostics.

Skill content

On every run the system automatically writes structured logs to `./logs/lsa_YYYYMMDD.jsonl` ... `command`, `args`, `pid` ... `last_body_snippet`

Recommendation

Keep the workspace private and delete `./logs/lsa_*.jsonl` if you do not want the diagnostic history retained.

What this means

The analysis could influence trading decisions even though it is only a quantitative script output based on public APIs.

Why it was flagged

The skill’s output template and labels are trading-adjacent and strongly worded. This is part of the stated purpose, but users may over-trust the generated ratings.

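Skill content

| 🐉 True Dragon (真龙) | 85-100 | Four-dimension resonance, leads the sector | ... | 🐔 Riffraff (杂毛) | < 50 | Trend follower, stay away | ... `买点建议` (buy-point suggestion)

Recommendation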

Treat the results as informational, verify against other sources, and do not rely on the skill alone for financial decisions.