jy-stock-analysis
PassAudited by ClawScan on May 10, 2026.
Overview
This stock-analysis skill appears purpose-aligned, but it requires a Gildata API key, mcporter/npm setup, and persistent MCP configuration.
Before installing or using this skill, verify the mcporter package source, understand where the JY_API_KEY will be stored, and avoid sending confidential non-stock information in queries. The artifacts do not show malicious behavior.
Findings (4)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Anyone with access to the mcporter configuration may be able to use the user's Gildata API entitlement.
The skill asks the user to obtain and configure a provider API key. This is expected for Gildata access, but it is still a credential that should be protected.
获取 JY_API_KEY ... mcporter config add jy-financedata-tool --url "https://api.gildata.com/...?...token=你的 JY_API_KEY"
Use a dedicated API key if possible, keep the mcporter config private, and rotate the key if it is exposed.
Installing a global npm tool can affect the local environment and inherits the trust level of that package.
The skill relies on a global npm package for MCP access. This is central to the stated purpose, but package provenance and version should be verified.
requires: bins: ["node", "npm", "mcporter"] ... package: mcporter ... npm install -g mcporter
Install mcporter only from the expected npm source, consider pinning/recording the version, and avoid running setup commands unless needed.
Using the skill may generate multiple provider API calls for a single analysis request.
The skill instructs the agent to make many external MCP tool calls for a stock report. These calls are disclosed and read-oriented, but users should be aware of provider usage and possible quota/cost implications.
执行五大模块分析(并发调用)... 调用 `AShareLiveQuote` ... `InstitutionalRating` ... `NewsPublicOpinionList` ... `StockQuoteTechIndex`
Confirm the requested stock and analysis scope before running, especially if the API key has quotas or billing.
Stock-analysis queries and the API-authenticated requests are sent to Gildata's MCP service.
The skill configures an external MCP provider endpoint. The endpoint is disclosed and purpose-aligned, but user queries and authentication are routed through that provider.
mcporter config add jy-financedata-api --url "https://api.gildata.com/mcp-servers/aidata-assistant-srv-api?token=你的 JY_API_KEY"
Only submit intended financial-analysis queries, avoid including unrelated private information, and review the provider's data-handling terms.