Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
medium confidencePurpose & Capability
Name/description, SKILL.md and the Python client all target the same endpoint (mkapi2.dfcfs.com) and require an MX_APIKEY; requested capabilities (financial data queries, Excel/text/JSON outputs) match the code's behavior.
Instruction Scope
SKILL.md limits actions to sending user queries to the Eastmoney MX API and writing output files to /root/.openclaw/workspace/mx_data/output/. The client posts the natural-language query and API key to the declared API endpoint. This is expected, but be aware that your query text and returned data are transmitted to the remote service (privacy consideration). The skill will create and write files in the stated output directory.
Install Mechanism
There is no install specification (instruction-only/inline code), which is low risk from an installation perspective. However, the Python code imports non-stdlib packages (pandas, requests) but the SKILL.md and registry metadata do not declare these dependencies—ensure the runtime has these packages available.
Credentials
Only one credential (MX_APIKEY) is declared/used and it is necessary for the described API access. No unrelated environment variables or credentials are requested or referenced.
Persistence & Privilege
The skill does not request always:true and contains no code that modifies other skills or global agent configuration. It writes outputs to a skill-local workspace path, which is expected for this functionality.
Assessment
This skill is coherent with its stated purpose: it sends your queries and the MX_APIKEY to mkapi2.dfcfs.com and saves results to /root/.openclaw/workspace/mx_data/output/. Before installing: 1) Only provide an API key obtained from the official Eastmoney/MX platform; do not paste sensitive credentials into chat. 2) Accept that any query text (which may contain sensitive company/user data) will be transmitted to the remote API. 3) Ensure the execution environment has the Python packages pandas and requests available, or the skill may fail. 4) Note minor metadata inconsistencies (SKILL.md version vs registry version and differing ownerId in _meta.json); you may want to confirm the publisher/source if provenance is important. If you need the skill to run offline or avoid transmitting certain data, do not install/use it.Like a lobster shell, security has layers — review code before you run it.
latestvk97766xdrn7mx5hv5fjbv56zjh83sd9n
License
MIT-0
Free to use, modify, and redistribute. No attribution required.