天枢股票分析系统
ReviewAudited by ClawScan on May 10, 2026.
Overview
The skill’s stock-analysis purpose is coherent, but its instructions show an unsafe HTTPS setup that disables certificate checks when fetching market data.
Before using this skill, be aware that it fetches stock data from Tencent Finance and gives operation suggestions. The main security issue is that the provided example disables HTTPS certificate checks; only use it if that is corrected so the agent verifies the data source securely.
Findings (2)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If the agent follows this pattern, tampered or intercepted market data could be accepted as real, which could lead to incorrect stock analysis or trading suggestions.
The skill’s documented network-check step disables HTTPS certificate and hostname validation for the market-data request.
ssl_context.check_hostname = False ssl_context.verify_mode = ssl.CERT_NONE
Use normal HTTPS certificate verification, avoid setting CERT_NONE, and validate stock-code inputs before making the Tencent Finance API request.
The user’s requested stock symbol is shared with the external market-data provider, and the report depends on that provider’s availability and accuracy.
The skill discloses that it sends requested stock codes to Tencent Finance to retrieve real-time market data.
URL: https://qt.gtimg.cn/q={股票代码}Confirm the data source is acceptable and cross-check important financial decisions with trusted market data and professional advice.