leading-stock-analyzer

Pass

Audited by VirusTotal on May 7, 2026.

Overview

Type: OpenClaw Skill
Name: leading-stock-analyzer
Version: 4.0.4

The 'leading-stock-analyzer' skill is a legitimate quantitative tool for analyzing Chinese stock market data using public APIs from Eastmoney and Tencent. The bundle contains well-structured Python scripts that perform financial calculations across four dimensions (driving force, anti-drop, leadership, and capital absorption). The orchestration logic in `main.py` and `analyze.py` uses standard subprocess calls and local file caching in `/tmp` for performance. The `SKILL.md` instructions are designed to ensure the AI agent provides raw, objective data to the user without subjective bias or hallucinations, and include helpful troubleshooting commands for log analysis. No evidence of data exfiltration, malicious execution, or prompt injection was found.

Findings (0)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

It may be harder to independently verify the origin or update history of the code before installing.

Why it was flagged

The package includes runnable scripts, but the registry metadata does not provide an upstream source or homepage. This is a provenance gap, not evidence of malicious behavior.

Skill content

Source: unknown; Homepage: none; Install specifications: No install spec

Recommendation

Review the bundled scripts, pin the specific version you intend to use, and prefer a trusted source if available.

What this means

Running the skill will execute its Python code, make public market-data requests, and create local runtime artifacts.

Why it was flagged

The skill is designed to run local Python scripts. This execution is disclosed and purpose-aligned, but it is still local code execution from the skill package.

Skill content

Run python3 scripts/main.py or analyze.py to get the score

Recommendation

Run it only in a trusted workspace and inspect the scripts if you need assurance about exactly what will execute.

What this means

Local logs may reveal which stock codes were analyzed and some API/debug information to anyone with access to the workspace.

Why it was flagged

The skill persists structured diagnostic logs containing command arguments, process IDs, API call metadata, and response snippets. This is disclosed and appears limited to diagnostics.

Skill content

On every run the system automatically writes structured logs to `./logs/lsa_YYYYMMDD.jsonl` ... `command`, `args`, `pid` ... `last_body_snippet`

Recommendation

Keep the workspace private and delete `./logs/lsa_*.jsonl` if you do not want the diagnostic history retained.

What this means

The analysis could influence trading decisions even though it is only a quantitative script output based on public APIs.

Why it was flagged

The skill’s output template and labels are trading-adjacent and strongly worded. This is part of the stated purpose, but users may over-trust the generated ratings.

Skill content

| 🐉 True Dragon | 85-100 | Four-dimension resonance, leads the sector | ... | 🐔 Junk | < 50 | Follower stock, stay away | ... `Buy-point suggestions`

Recommendation

Treat the results as informational, verify against other sources, and do not rely on the skill alone for financial decisions.