看盘之眼 (Market-Watching Eye)

Pass. Audited by VirusTotal on May 10, 2026.

Overview

Type: OpenClaw Skill
Name: stock-ocr
Version: 1.0.0

The skill bundle automates the extraction of stock technical indicators from financial terminals (e.g., TongDaxin, JinChangJiang) by capturing screenshots and running OCR on them. Several scripts, including capture_ma20.py, tdx_capture.py, and debug_ocr.py, use PowerShell to capture screen regions and send the image data to external OCR APIs such as api.ocr.space and aip.baidubce.com. The bundle contains hardcoded API credentials (e.g., the Baidu API Key 'dNJctHLwok76vebSk8EP8aPG' in debug_ocr.py and test_baidu_ocr.py), and setup_ocr.py uses the 'setx' command to modify persistent system environment variables. These actions are consistent with the stated purpose, but automatically capturing screenshots of a financial application and transmitting them off the machine is a significant privacy risk and a plausible path to accidental data exfiltration.

Findings (0)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

Anyone who runs or redistributes this skill receives the embedded OCR account credentials. They can be abused by third parties, consume the original owner's API quota, and the skill will stop working without warning if the owner rotates or revokes them.

Why it was flagged

The script writes Baidu OCR credentials into os.environ at runtime as string literals; SKILL.md also advertises a pre-configured API key, while the registry metadata declares that the skill requires no credentials.

Skill content
os.environ['BAIDU_API_KEY'] = 'dNJ...8aPG'; os.environ['BAIDU_SECRET_KEY'] = 'X989...D3cA'
Recommendation

Remove embedded secrets, rotate any exposed keys, and require users to provide their own OCR credentials through documented environment variables or a secure config mechanism.
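The two halves of that recommendation, detection and remediation, as an added example (this is not code from the stock-ocr bundle). The scanner catches the flagged pattern, a string literal assigned into os.environ, while ignoring assignments that themselves read from the environment; the loader fails closed instead of falling back to a bundled key. The variable names are the ones quoted in the finding; the sample source text and its values are constructed.

```python
"""Detect hardcoded credentials written into os.environ, and load them properly.

Added example, not part of the stock-ocr bundle. SAMPLE_SOURCE is constructed
to mirror the flagged line shape; the key values in it are fake.
"""
import os
import re
from typing import Dict, List, Mapping, Optional, Tuple

# Matches: os.environ['NAME'] = 'literal-of-8-or-more-chars'  (single or double quotes)
_HARDCODED_RE = re.compile(
    r"""os\.environ\[\s*['"](?P<name>[A-Z0-9_]+)['"]\s*\]\s*=\s*['"](?P<value>[^'"]{8,})['"]"""
)
# Lines whose right-hand side reads the environment are legitimate, not secrets.
_ENV_LOOKUP_RE = re.compile(r"os\.(environ\.get|getenv)\(")


def find_hardcoded_env_assignments(source: str) -> List[Tuple[int, str, str]]:
    """Return (line_no, var_name, masked_value) for every literal secret written
    into os.environ. The value is masked the way the scan report masks it."""
    hits = []
    for no, line in enumerate(source.splitlines(), start=1):
        m = _HARDCODED_RE.search(line)
        if m and not _ENV_LOOKUP_RE.search(line):
            v = m.group("value")
            hits.append((no, m.group("name"), f"{v[:3]}...{v[-4:]}"))
    return hits


class MissingCredential(RuntimeError):
    pass


def load_ocr_credentials(env: Optional[Mapping[str, str]] = None) -> Dict[str, str]:
    """Fail closed: require the user's own Baidu keys from the environment and
    never fall back to a default baked into the bundle."""
    env = os.environ if env is None else env
    creds = {}
    for name in ("BAIDU_API_KEY", "BAIDU_SECRET_KEY"):
        value = env.get(name, "").strip()
        if not value:
            raise MissingCredential(
                f"{name} is not set; export your own Baidu OCR credential "
                "(documented in SKILL.md) instead of relying on a bundled key"
            )
        creds[name] = value
    return creds


# Constructed sample: two hardcoded secrets and one legitimate env lookup.
SAMPLE_SOURCE = """import os
os.environ['BAIDU_API_KEY'] = 'ExampleApiKey0000001'
os.environ['BAIDU_SECRET_KEY'] = "SecretExampleValue0000"
os.environ['OCR_ENGINE'] = os.environ.get('OCR_ENGINE', 'baidu')
"""

if __name__ == "__main__":
    for no, name, masked in find_hardcoded_env_assignments(SAMPLE_SOURCE):
        print(f"line {no}: {name} = {masked}  <- hardcoded secret, rotate and remove")
```

Run the scanner over every .py file in the bundle before publishing; a hit means the key must be treated as already exposed and rotated, not merely deleted from the source.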

Concern (Medium Confidence)
ASI05: Unexpected Code Execution
What this means

If the agent or user passes an unsafe title/output value, the script may run unintended PowerShell commands on the local machine.

Why it was flagged

The command string handed to PowerShell is built by interpolating the window-title value into a double-quoted PowerShell literal, and the script exposes that value as a --window-title argument. A value containing a double quote or a semicolon terminates the literal, so crafted input becomes additional PowerShell statements.

Skill content
$pattern = "{title_pattern}" ... subprocess.run(['powershell', '-Command', ps_script], ...)
Recommendation

Do not interpolate raw arguments into PowerShell command text. Validate window titles and paths against an allowlist, pass the value out of band (an environment variable or a script parameter) or, at minimum, as a single-quoted literal with embedded quotes doubled, and require user confirmation for non-default arguments.
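The flagged construction next to two hardened forms, as an added example (not code from the stock-ocr bundle). The capture script body, the function names and the STOCK_OCR_TITLE variable are assumptions; the injection string is constructed to show the breakout. The safe variants validate the title against an allowlist first, then either emit a single-quoted PowerShell literal (no expansion, only embedded quotes need doubling) or keep the value out of the command text entirely by passing it through the environment.

```python
"""Building the window-capture PowerShell command without letting the
--window-title value alter the script.

Added example, not part of the stock-ocr bundle. The PowerShell snippet,
function names and STOCK_OCR_TITLE are assumptions; INJECTION is constructed.
"""
import os
import re
import subprocess
from typing import List

# Allowlist: Unicode word characters (covers CJK terminal names), digits,
# space, dot, hyphen and the -like wildcard. Quotes, $, ;, backtick and
# parentheses are rejected outright.
_TITLE_RE = re.compile(r"[\w .\-*]{1,64}")

_PS_BODY = "Get-Process | Where-Object { $_.MainWindowTitle -like $pattern }"


def build_ps_unsafe(title_pattern: str) -> str:
    """The flagged pattern: raw interpolation into a double-quoted literal.
    Kept only to demonstrate the breakout; never call it with user input."""
    return f'$pattern = "{title_pattern}"; ' + _PS_BODY


def validate_title(title_pattern: str) -> str:
    if not _TITLE_RE.fullmatch(title_pattern):
        raise ValueError(f"window title contains disallowed characters: {title_pattern!r}")
    return title_pattern


def ps_single_quote(value: str) -> str:
    """PowerShell single-quoted literal: no variable or subexpression
    expansion; the only escape is doubling an embedded single quote."""
    return "'" + value.replace("'", "''") + "'"


def build_ps_hardened(title_pattern: str) -> str:
    """Validate, then embed as a single-quoted literal."""
    return f"$pattern = {ps_single_quote(validate_title(title_pattern))}; " + _PS_BODY


def capture_command(title_pattern: str) -> List[str]:
    """argv for subprocess: the value never appears in the script text; the
    script reads it from $env:STOCK_OCR_TITLE instead."""
    validate_title(title_pattern)
    script = "$pattern = $env:STOCK_OCR_TITLE; " + _PS_BODY
    return ["powershell", "-NoProfile", "-NonInteractive", "-Command", script]


def run_capture(title_pattern: str) -> subprocess.CompletedProcess:
    """Run the hardened command (Windows only); the title travels via the environment."""
    env = dict(os.environ, STOCK_OCR_TITLE=validate_title(title_pattern))
    return subprocess.run(capture_command(title_pattern), env=env,
                          capture_output=True, text=True, timeout=30)


# Constructed input: closes the double-quoted literal and appends a statement.
INJECTION = 'TongDaXin"; Write-Output INJECTED; "'

if __name__ == "__main__":
    print("unsafe   :", build_ps_unsafe(INJECTION))
    print("hardened :", build_ps_hardened("TongDaXin*"))
    print("env-based:", capture_command("TongDaXin*")[-1])
```

The environment-variable route is the one to prefer: even a bug in the allowlist cannot turn the title into code, because PowerShell only ever sees it as the value of a variable, and the same approach works unchanged for file paths.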

What this means

Screenshots from the trading terminal may leave the local machine when online OCR engines are used.

Why it was flagged

The script uploads the raw bytes of each captured screenshot to an external OCR provider. That is aligned with the skill's purpose, but the image can contain whatever was on the financial-terminal screen, including positions, balances and order details rather than only the indicator being read.

Skill content
files = {'file': ('image.jpg', img_data, 'image/jpeg')} ... requests.post('https://api.ocr.space/parse/image', files=files, data=data, timeout=30)
Recommendation

Use local OCR for sensitive screens, verify the captured region before upload, and clearly document which OCR engines send data to which providers.
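A gate that sits in front of the upload, as an added example (not code from the stock-ocr bundle). The engine table is an assumption built from the two providers named in this report plus a local engine; the region bounds, the screen size and the image bytes are constructed. It refuses to hand bytes to a remote engine unless the caller opted in, rejects capture regions that are off-screen or large enough to ship the whole terminal, and produces an audit record naming the destination host.

```python
"""Decide where screenshot bytes may go before any OCR request is made.

Added example, not part of the stock-ocr bundle. ENGINES, the 25% region
limit and the sample bytes are assumptions/constructed data.
"""
import hashlib
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

Region = Tuple[int, int, int, int]  # x, y, width, height


@dataclass(frozen=True)
class OcrEngine:
    name: str
    provider_host: Optional[str]  # None means the engine runs locally


ENGINES: Dict[str, OcrEngine] = {
    "tesseract": OcrEngine("tesseract", None),          # local, bytes stay on the machine
    "ocrspace": OcrEngine("ocrspace", "api.ocr.space"),  # remote providers named in the report
    "baidu": OcrEngine("baidu", "aip.baidubce.com"),
}


class RemoteUploadRefused(PermissionError):
    pass


def check_region(region: Region, screen_w: int, screen_h: int, max_frac: float = 0.25) -> Region:
    """Reject regions outside the screen or larger than max_frac of it: a wrong
    region silently uploads the whole terminal instead of one indicator."""
    x, y, w, h = region
    if w <= 0 or h <= 0 or x < 0 or y < 0 or x + w > screen_w or y + h > screen_h:
        raise ValueError(f"region {region} is outside the {screen_w}x{screen_h} screen")
    if w * h > max_frac * screen_w * screen_h:
        raise ValueError(f"region {region} covers more than {max_frac:.0%} of the screen")
    return region


def prepare_upload(engine_name: str, img_data: bytes, region: Region, screen: Tuple[int, int],
                   allow_remote: bool = False, audit: Optional[List[dict]] = None):
    """Return (engine, audit_record) or raise. The caller performs the HTTP POST
    only after this returns, so a refused upload never leaves the machine."""
    engine = ENGINES[engine_name]
    check_region(region, *screen)
    record = {
        "engine": engine.name,
        "destination": engine.provider_host or "local",
        "sha256": hashlib.sha256(img_data).hexdigest(),
        "bytes": len(img_data),
        "region": region,
    }
    if engine.provider_host and not allow_remote:
        raise RemoteUploadRefused(
            f"{engine.name} would send {len(img_data)} bytes to {engine.provider_host}; "
            "set allow_remote=True to permit this for non-sensitive screens"
        )
    if audit is not None:
        audit.append(record)
    return engine, record


if __name__ == "__main__":
    fake_jpeg = b"\xff\xd8\xff\xe0" + b"constructed-image-bytes"  # constructed sample
    log: List[dict] = []
    print(prepare_upload("tesseract", fake_jpeg, (100, 200, 320, 40), (1920, 1080), audit=log)[1])
```

Keeping the audit record (engine, destination, hash, region) gives the user and any later reviewer a way to answer "what exactly left this machine and where did it go", which the bare requests.post in the bundle does not.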

What this means

The skill drives the trading software's UI with synthetic keystrokes, so if the wrong window is in the foreground or the title match picks the wrong process, those keystrokes land in an application they were never meant for.

Why it was flagged

The script automates the foreground financial-terminal window by sending keyboard input to select a stock and switch views.

Skill content
user32.SetForegroundWindow(hwnd) ... send_key(VK_ESCAPE) ... send_char(c) ... send_key(VK_RETURN) ... send_key(VK_9) ... send_key(VK_6)
Recommendation

Run it only while the intended terminal window is visible, keep to the default narrow workflow, and have the tool confirm the matched window (and refuse on zero or multiple matches) before any input is sent.
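Window selection that refuses to guess, as an added example (not code from the stock-ocr bundle). The matching is anchored and must yield exactly one visible window, so a browser tab whose title merely contains the terminal's name cannot be picked; the user then confirms before anything is focused. Enumeration uses the real user32 EnumWindows/GetWindowTextW calls and only runs on Windows; the window list used to exercise the logic is constructed.

```python
"""Confirm the matched window before sending keystrokes to it.

Added example, not part of the stock-ocr bundle. SAMPLE_WINDOWS is a
constructed list; list_windows_win32 requires Windows.
"""
import re
import sys
from typing import Callable, List, Tuple

Window = Tuple[int, str]  # (hwnd, title)


class WindowMatchError(RuntimeError):
    pass


def select_target_window(windows: List[Window], title_pattern: str) -> Window:
    """Anchored, case-insensitive regex over the full title; accept only when
    exactly one window matches so automation cannot land on the wrong process."""
    rx = re.compile(title_pattern, re.IGNORECASE)
    matches = [w for w in windows if w[1] and rx.fullmatch(w[1])]
    if len(matches) != 1:
        titles = [t for _, t in matches] or "none"
        raise WindowMatchError(
            f"expected exactly one window matching {title_pattern!r}, got {len(matches)}: {titles}"
        )
    return matches[0]


def list_windows_win32() -> List[Window]:
    """Enumerate visible top-level windows with user32 (Windows only)."""
    if sys.platform != "win32":
        raise OSError("user32 enumeration is only available on Windows")
    import ctypes
    from ctypes import wintypes

    user32 = ctypes.windll.user32
    out: List[Window] = []

    @ctypes.WINFUNCTYPE(wintypes.BOOL, wintypes.HWND, wintypes.LPARAM)
    def enum_cb(hwnd, _lparam):
        if user32.IsWindowVisible(hwnd):
            n = user32.GetWindowTextLengthW(hwnd)
            if n:
                buf = ctypes.create_unicode_buffer(n + 1)
                user32.GetWindowTextW(hwnd, buf, n + 1)
                out.append((hwnd, buf.value))
        return True  # continue enumeration

    user32.EnumWindows(enum_cb, 0)
    return out


def confirm_and_focus(windows: List[Window], title_pattern: str,
                      confirm: Callable[[str], str] = input) -> int:
    """Show the user exactly which window matched and require 'y' before the
    caller goes on to SetForegroundWindow and send_key/send_char."""
    hwnd, title = select_target_window(windows, title_pattern)
    answer = confirm(f"Automate window {hwnd:#x} '{title}'? [y/N] ")
    if answer.strip().lower() != "y":
        raise WindowMatchError("user declined; no input was sent")
    return hwnd


# Constructed list: the terminal, a browser tab containing the same name, and
# an unrelated window.
SAMPLE_WINDOWS: List[Window] = [
    (0x10, "TongDaXin Financial Terminal V7.60 - 600519"),
    (0x20, "TongDaXin download page - Chrome"),
    (0x30, "Calculator"),
]

if __name__ == "__main__":
    windows = list_windows_win32() if sys.platform == "win32" else SAMPLE_WINDOWS
    print(confirm_and_focus(windows, r"TongDaXin Financial Terminal.*"))
```

The substring-style pattern `TongDaXin.*` is rejected on the constructed list because two windows match; the narrower `TongDaXin Financial Terminal.*` selects the terminal. Re-run the match immediately before each automation step rather than once at startup, since the foreground window can change while the skill is running.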

What this means

The documented workflow will fail on a clean install, or push users to find and run helper code from outside the reviewed artifact set, which the scan cannot vouch for.

Why it was flagged

The main documented v2 script imports an ocr_engines helper, but that file is not listed in the supplied manifest; SKILL.md also references scripts/configure_baidu_ocr.ps1, which is not listed.

Skill content
from ocr_engines import recognize_with_engine, compare_engines, get_available_engines
Recommendation

Package all referenced helper files, remove stale references, and avoid instructions that require running unreviewed scripts.