趋势启动扫描器
PassAudited by ClawScan on May 10, 2026.
Overview
The provided artifacts look like a stock-analysis/backtesting tool, with expected local Python execution and market-data API access but no evidence of credential theft, exfiltration, destructive behavior, or hidden persistence.
Before installing, understand that this skill runs local Python scripts, may require third-party Python packages, contacts public stock-data APIs, and writes generated analysis files to hardcoded .qclaw-style paths. Also treat the stock scores as research output, not financial advice.
Findings (3)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Running the skill executes Python code on the user's machine to perform the scan.
The primary workflow is user-directed execution of a local Python script. This is expected for this stock scanner, but it means the skill runs local code.
```bash python trend_scanner.py ```
Run it only in an environment where you are comfortable executing the included scripts and where required Python packages are installed from trusted sources.
The tool may contact third-party stock-data providers while scanning or backtesting.
The code calls an external market-data API. This is aligned with stock scanning/backtesting and does not show sensitive data upload, but users should know network access occurs.
url = 'https://web.ifzq.gtimg.cn/appstock/app/fqkline/get' ... r = requests.get(url, params=params, timeout=10)
Use it only if you are comfortable with market-data API calls, and review network access if running in a restricted environment.
Users have less registry-level assurance about where the code came from or which dependency versions are expected.
The registry metadata does not provide source provenance or an install specification. This is not malicious by itself, but dependency and provenance verification are left to the user.
Source: unknown; Homepage: none; No install spec — this is an instruction-only skill.
Review the code and install dependencies from trusted package sources before running the scripts.