jy-industry-research-summary

v1.0.0

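Fetches quick summaries of brokerage industry research report views through the 聚源数据 MCP service and outputs structured analysis dimensions including industry development trends, competitive landscape, technological innovation, policy environment, investment recommendations, and risk warnings. Use case: triggered when the user needs to quickly understand brokerage research views on an industry, query investment analysis for a specific industry, or obtain industry development trends, competitive landscape analysis, policy interpretation, investment recommendations, or risk warnings. Triggered when use...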

License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal: Benign
OpenClaw: Benign (medium confidence)
Purpose & Capability
Name/description, required binaries (mcporter, node, npm) and the npm install for mcporter align with a skill that calls 聚源 MCP via the mcporter CLI to fetch research reports.
Instruction Scope
SKILL.md stays within the stated purpose: it directs checking/installing mcporter, configuring an MCP service with a JY_API_KEY, calling jy-financedata-tool.ResearchReport, merging results and emitting structured JSON. It does instruct editing OpenClaw config and restarting the gateway (expected). Caution: it shows adding the API key as a token query parameter in a URL/CLI command, which can expose keys in shell history, logs, or process listings.
Install Mechanism
Install uses npm (npm install -g mcporter). npm is a standard registry; this is moderate-risk but expected. Recommend verifying the mcporter package name/maintainer and reviewing its npm page before global installation.
Credentials
Skill metadata declares no required env vars, but runtime instructions clearly require a JY_API_KEY and optionally setting MCPORTER_CONFIG. This is proportionate to the function, but there is a minor manifest mismatch (credential required by instructions is not declared in requires.env). Recommend treating JY_API_KEY as a sensitive secret and keeping its storage/configuration secure.
Persistence & Privilege
always is false and the skill does not request elevated or persistent platform privileges. It asks the user to enable mcporter in OpenClaw config (normal) and restart the gateway; this is within expected scope.
Assessment
This skill appears coherent for fetching 聚源 MCP research via the mcporter CLI. Before installing: 1) Verify the npm package 'mcporter' (author, downloads, repo) to reduce supply-chain risk. 2) Treat the JY_API_KEY as a secret: avoid embedding it directly in command lines or URLs (shell history, logs, and process lists can leak it); prefer storing it in the mcporter config file with tight file permissions. 3) Back up your OpenClaw config before editing and ensure MCPORTER_CONFIG points to a protected config file. 4) If you cannot verify the mcporter package origin, consider obtaining the MCP API access details directly from the vendor and reviewing any client code before global installation. If you want, I can list exact checks to perform on the npm package and sample secure ways to store the API key.


latest: vk971dfv7s8yq2vkxbr37ze4101844dbh


Runtime requirements

📊 Clawdis
Bins: node, npm, mcporter

Install

Install mcporter via npm: npm i -g mcporter
