悟道 · A股行情数据
Security checks across static analysis, malware telemetry, and agentic risk
Overview
This appears to be a straightforward A-share market data skill that uses a disclosed external API with a user-provided API key.
Before installing, confirm you trust stock.quicktiny.cn, set LB_API_BASE to the documented HTTPS API URL, and protect LB_API_KEY like any other service credential. The reviewed artifacts do not show hidden code, persistence, or unrelated access.
Static analysis
No static analysis findings were reported for this release.
VirusTotal
VirusTotal findings are pending for this skill version.
Risk analysis
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Anyone with the API key may be able to use the user’s quota or account access for the stock-data service.
The skill requires a provider API key and base URL to access the disclosed stock-market API. This is expected for the integration, but it is still credential-bearing access.
export LB_API_KEY="lb_your_key_here" export LB_API_BASE="https://stock.quicktiny.cn/api/openclaw"
Only configure the documented HTTPS base URL, keep the API key out of chats and logs where possible, and rotate the key if it is exposed.