科技投资日报

v1.1.0

科技行业投资日报生成与推送。当用户要求生成科技投资日报、发送每日投资报告、或cron定时触发日报任务时使用。自动抓取财联社实时新闻、获取涉及上市公司股价、生成深度分析报告并通过飞书一条消息发送完整Markdown报告，同时生成PDF附件。

⭐ 0· 333·2 current·2 all-time

by@ilove323

MIT-0

Security Scan

VirusTotal

Suspicious

View report →

OpenClaw

Suspicious

high confidence

Purpose & Capability

The skill claims no required credentials/config, but the SKILL.md and embedded code expect platform-local files and secrets (e.g., /root/.openclaw/openclaw.json for Feishu appId/appSecret and a md2pdf-weasyprint script under /root/.openclaw/workspace/skills/…). Accessing other agent/platform config is outside the declared purpose and requirements.

Instruction Scope

Instructions explicitly tell the agent to read /root/.openclaw/openclaw.json to obtain Feishu credentials, to execute a Python snippet that posts to Feishu, and to call a conversion script at /root/.openclaw/workspace/skills/md2pdf-weasyprint/scripts/convert-weasyprint.sh. These operations access undeclared config and other skill workspaces and give the skill authority to use tenant-level Feishu credentials.

ℹ

Install Mechanism

No install spec is provided (instruction-only plus included scripts). That lowers installation risk, but SKILL.md and scripts rely on external tools/environments (curl, pandoc/weasyprint, md2pdf-weasyprint script, fonts at /tmp/NotoSansCJK.ttf) that are not declared — functional mismatch rather than direct supply-chain download risk.

Credentials

Declared requirements list no credentials or config paths, yet the runtime instructions read platform config for Feishu app_id/app_secret and use them to obtain a tenant_access_token and upload files. That is disproportionate: the skill uses sensitive tenant credentials without declaring them or asking the user explicitly.

Persistence & Privilege

always:false (normal), but the skill instructs reading a global agent config file (/root/.openclaw/openclaw.json) which may contain other channels/credentials. Accessing that global config is a privilege beyond the skill's stated scope and could expose secrets belonging to the platform or other skills.

What to consider before installing

This skill will attempt to read your platform's OpenClaw config (/root/.openclaw/openclaw.json) to extract Feishu appId/appSecret and then use those to get a tenant token and upload/send PDFs — but it does not declare that requirement. Before installing: (1) do not assume credentials are safe to share — inspect /root/.openclaw/openclaw.json and confirm whether it contains sensitive tenant credentials. (2) Ask the author to explicitly declare required credentials or change the skill to request Feishu credentials at configuration time rather than silently reading platform config. (3) Verify presence and origin of the referenced md2pdf-weasyprint conversion script and any fonts; these dependencies are required but not installed by the skill. (4) If you must run it, run in an isolated environment or a dedicated account with limited Feishu privileges, and rotate Feishu credentials after testing. (5) If you cannot validate these points, treat the skill as untrusted and avoid giving it access to platform/global config.

Like a lobster shell, security has layers — review code before you run it.

latestvk974tyqstckf1exsxtyjjfewpx8206ab

License

MIT-0

Free to use, modify, and redistribute. No attribution required.

Termshttps://spdx.org/licenses/MIT-0.html

SKILL.md

科技投资日报 Skill

执行流程

1. 抓取新闻

web_fetch → https://www.cls.cn/telegraph

筛选科技相关条目（AI/芯片/半导体/智能/机器人/算力/大模型/融资/上市公司公告）。重要新闻用 web_fetch https://www.cls.cn/detail/{id} 获取详情。

2. 获取股价

识别涉及的上市公司，执行：

python3 ~/.openclaw/workspace/skills/tech-invest-daily/scripts/report.py prices usNVDA,sz000338,...

返回 JSON：{code: {name, price, prev, change, pct, high, low}}

3. 生成完整报告

报告必须包含以下结构，每个公司单独一节，内容详实不得简化：

# 📊 科技投资日报 · YYYY-MM-DD

---

## 🔴/🟢 公司名 代码 · 涨跌幅%

**今日新闻**
原文摘要（2-3句，说清楚发生了什么）

**深度分析**
- 赛道逻辑：这条新闻为什么重要，行业趋势是什么（3-4句）
- 市场分析：资金动向、估值水位、竞争格局、近期催化剂（3-4句）

**关键财务数据**
现价：XX | 昨收：XX | 涨跌：XX（XX%）| 最高：XX | 最低：XX
PE：XX | 52周区间：XX~XX | 市值：XX

**投资建议**
建仓区间：XX~XX | 目标价：XX | 止损：XX | 持有周期：XX
操作策略：具体说明分几批建仓、什么条件加仓、什么条件止盈止损

---

## 一级市场信号（如有融资新闻）
融资事件 + 对应二级市场联动标的分析

---

## 今日操作清单
| 标的 | 代码 | 现价 | 建议 | 建仓区间 | 目标价 | 止损 |
|------|------|------|------|---------|--------|------|
...

⚠️ 以上内容仅供参考，不构成投资建议，投资有风险。

4. 飞书发送

文字报告：使用 message action=send，将完整 Markdown 放入单个 message 字段，必须一条消息发完，不得分段。

PDF附件：先将 Markdown 报告写入 /tmp/tech-invest-YYYYMMDD.md，再用 md2pdf-weasyprint 转换，最后用飞书 API 上传发送。

步骤1：生成 PDF

bash /root/.openclaw/workspace/skills/md2pdf-weasyprint/scripts/convert-weasyprint.sh \
  /tmp/tech-invest-YYYYMMDD.md \
  /tmp/tech-invest-YYYYMMDD.pdf

步骤2：上传并发送，用 exec 执行以下 Python 脚本：

import requests, json
from pathlib import Path

cfg = json.load(open("/root/.openclaw/openclaw.json"))["channels"]["feishu"]
app_id, app_secret = cfg["appId"], cfg["appSecret"]
user_id = "ou_159cbb6a3791ff5a98f3a2a4b38e7d4c"
pdf_path = "/tmp/tech-invest-YYYYMMDD.pdf"

token = requests.post(
    "https://open.feishu.cn/open-apis/auth/v3/tenant_access_token/internal",
    json={"app_id": app_id, "app_secret": app_secret}
).json()["tenant_access_token"]

with open(pdf_path, "rb") as f:
    file_key = requests.post(
        "https://open.feishu.cn/open-apis/im/v1/files",
        headers={"Authorization": f"Bearer {token}"},
        data={"file_type": "pdf", "file_name": Path(pdf_path).name},
        files={"file": f}
    ).json()["data"]["file_key"]

requests.post(
    "https://open.feishu.cn/open-apis/im/v1/messages?receive_id_type=open_id",
    headers={"Authorization": f"Bearer {token}", "Content-Type": "application/json"},
    json={"receive_id": user_id, "msg_type": "file", "content": json.dumps({"file_key": file_key})}
)

数据源

用途	地址
实时新闻流	`https://www.cls.cn/telegraph`
新闻详情	`https://www.cls.cn/detail/{id}`
股价行情	`http://qt.gtimg.cn/q=代码1,代码2`

股票代码格式

A股：sz000338、sh603019
美股：usNVDA、usAAPL
港股：hk00700、hk00981

Files

4 total

Select a file

Select a file to preview.

Comments

Loading comments…