Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Baidu Finance Search

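Baidu finance search skill. Customized around Chao Ge's methodology, it supports financial sentiment search across sites such as Xueqiu, Zhihu, Eastmoney and Tonghuashun, and suits short-term sentiment plays and event-driven analysis.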

MIT-0 · Free to use, modify, and redistribute. No attribution required.
0 · 46 · 0 current installs · 0 all-time installs
Security Scan
VirusTotal: Suspicious
OpenClaw: Suspicious (high confidence)
Purpose & Capability
The code implements the advertised Baidu web_summary search and targets the same API endpoint described in SKILL.md, so functionality matches the purpose. However, the skill requires a BAIDU_API_KEY (documented in SKILL.md and used by scripts/search.py) but the registry metadata lists no required environment variables — this mismatch is an incoherence in declared requirements.
Instruction Scope
SKILL.md only instructs the agent to set BAIDU_API_KEY in skills/.env and run the script. The script, however, will also attempt to read a .env file two levels up from the script directory (potentially the repository/project root) to find BAIDU_API_KEY, which is broader than the single-file configuration described. The script sends the API key to the stated Baidu endpoint and does not exfiltrate other files, but it explicitly disables SSL verification (ctx.check_hostname = False; ctx.verify_mode = ssl.CERT_NONE), which undermines the security of communications and could expose the API key to network interception.
Install Mechanism
There is no install spec (instruction-only plus a small script). Nothing is downloaded or installed by the skill, and no third-party packages are pulled in automatically.
Credentials
The only secret the code needs is BAIDU_API_KEY, which is proportionate to the stated purpose. However, the skill's registry metadata does not declare this required environment variable even though both SKILL.md and the script depend on it. Additionally, the script will search for BAIDU_API_KEY in a parent .env file (../../.env), which can expose or reuse a project-level secret unintentionally.
Persistence & Privilege
The skill does not request persistent or elevated privileges. always is false, and there is no install step that modifies other skills or system-wide configs.
What to consider before installing
Before installing, be aware of three issues: (1) the skill needs a BAIDU_API_KEY even though the registry metadata doesn't declare it — verify the key's scope and origin and avoid reusing high-privilege keys; (2) the script looks for a .env two levels up, which can read project-level secrets unintentionally — check which .env it will load or place the API key only in the intended skills/.env; (3) the script disables SSL certificate verification when contacting Baidu, which makes the API key and responses vulnerable to network interception — ask the author to remove the SSL disablement (use default SSL verification) before using in any sensitive environment. If you still want to use it, inspect or run the script in an isolated environment, provide a limited-scope token if possible, and consider rotating the BAIDU_API_KEY after testing.

Like a lobster shell, security has layers — review code before you run it.

Current version: v1.0.2
latest: vk978v3fqb4tfhyqcp1zazx9pzn839vdw

SKILL.md

Baidu Finance Search Skill

A finance search tool customized around Chao Ge's methodology, using the Baidu Qianfan AI Search (web_summary) API.


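Core capabilities

| Scenario | Sites | Purpose |
| --- | --- | --- |
| Short-term main theme (sentiment play) | Xueqiu, Eastmoney | Sentiment heat, capital flows |
| Short-term non-main theme (event-driven) | Eastmoney, Tonghuashun | Announcements, policy, earnings reports |
| Medium-term (trend following) | Zhihu, Xueqiu | Sector rotation analysis |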

API information

| Item | Value |
| --- | --- |
| Endpoint | https://qianfan.baidubce.com/v2/ai_search/web_summary |
| Authentication | Authorization: Bearer {API_KEY} |
| Request method | POST |

Usage

Command-line invocation

```bash
python3 skills/baidu-finance-search/scripts/search.py '<JSON parameters>'
```

Quick searches

```bash
# A-share market analysis
python3 skills/baidu-finance-search/scripts/search.py '{
  "query": "如何看待今日A股行情",
  "sites": ["xueqiu.com", "www.eastmoney.com"]
}'

# Sector rotation analysis
python3 skills/baidu-finance-search/scripts/search.py '{
  "query": "半导体板块轮动分析",
  "sites": ["xueqiu.com", "www.zhihu.com"]
}'

# Individual stock sentiment
python3 skills/baidu-finance-search/scripts/search.py '{
  "query": "宁德时代 最新讨论",
  "sites": ["xueqiu.com"],
  "time_range": "3d"
}'
```

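Request parameters

| Parameter | Type | Required | Default | Description |
| --- | --- | --- | --- | --- |
| query | string | ✅ Yes | - | Search question |
| sites | list | | Xueqiu, Eastmoney | List of sites to search |
| time_range | string | | | Time range (1d/3d/1w/1m) |
| top_k | int | | 10 | Number of results to return |
| instruction | string | | 金融专家 (financial expert) | System instruction |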

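Preset sites

| Site | Domain | Description |
| --- | --- | --- |
| Xueqiu | xueqiu.com | Retail investor community |
| Eastmoney | www.eastmoney.com | Financial portal |
| Tonghuashun | www.10jqka.com.cn | Financial portal |
| Zhihu | www.zhihu.com | Knowledge Q&A |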

Configuration

Set the following in skills/.env:

```
BAIDU_API_KEY=bce-v3/ALTAK-xxx
```

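Mapping to the methodology

| Methodology scenario | Recommended sites | Example query |
| --- | --- | --- |
| Short-term main theme: sentiment play | Xueqiu, Eastmoney | "如何看待今日A股行情" (How to view today's A-share market) |
| Short-term non-main theme: event-driven | Eastmoney, Tonghuashun | "XX股票 公告解读" (XX stock: announcement interpretation) |
| Medium-term: trend following | Zhihu, Xueqiu | "半导体板块轮动分析" (Semiconductor sector rotation analysis) |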

Files

3 total