悟道 (Wudao) · A-Share Capital Analysis

Security checks across static analysis, malware telemetry, and agentic risk

Overview

This instruction-only skill coherently uses a disclosed stock-data API key for read-only A-share market analysis.

Before installing, confirm you trust stock.quicktiny.cn, set LB_API_BASE to the documented provider URL, and keep LB_API_KEY private. The skill appears read-only and purpose-aligned, but market-analysis outputs should still be verified before making financial decisions.

Static analysis

No static analysis findings were reported for this release.

VirusTotal

VirusTotal findings are pending for this skill version.

Risk analysis

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

ASI03: Identity and Privilege Abuse
Low
What this means

If the API base URL is misconfigured, the API key could be sent to the wrong service.

Why it was flagged

The skill requires a bearer API key and sends it to the configured API base URL. This is disclosed and purpose-aligned for accessing the stock-data API, but users should ensure the base URL is the intended provider.

Skill content
requires: { "env": ["LB_API_KEY", "LB_API_BASE"] } ... curl -s -H "Authorization: Bearer $LB_API_KEY" "$LB_API_BASE/endpoint"
Recommendation

Use the documented base URL, protect the API key like a password, and revoke or rotate it if it may have been exposed.