A Stock N Pattern
PassAudited by VirusTotal on May 11, 2026.
Overview
Type: OpenClaw Skill Name: a-stock-n-pattern Version: 1.0.9 The skill is a legitimate financial analysis tool designed to provide A-share stock signals based on the 'N-pattern' technical indicator. It utilizes a transparent paid-access model (0.01 USDC via the x402 protocol) and fetches data from a documented external API (https://a-stock-signals.vercel.app/n). The provided Python code (api.py) is a standard FastAPI implementation serving sample data, and the instructions in SKILL.md are consistent with the stated purpose without any signs of malicious intent, data exfiltration, or harmful prompt injection.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
A user may pay for or rely on stock recommendations believing they are real-time screened market results, when the reviewed implementation does not substantiate that behavior.
The included implementation returns a hard-coded list of stock recommendations, which conflicts with the SKILL.md claims of real-time screening and market-data-backed results from 东方财富 / 同花顺.
N_PATTERN_SIGNALS = [ {"code": "000858", "name": "五粮液", ...}, ... ]Treat the output as unverified unless the publisher provides inspectable backend code or clear proof that the live endpoint performs the advertised real-time screening.
Repeated or accidental invocations could create small recurring charges.
The skill is designed to charge 0.01 USDC through x402 on each call, so invoking it can spend user-controlled funds or delegated payment authority.
支付挑战:触发 x402 协议,单次扣费 0.01 USDC
Confirm each paid call or configure spending limits before allowing the agent to use this skill.
The user must trust an external service for paid financial signal generation and payment handling.
The skill relies on a remote backend endpoint, while the registry lists an unknown source and no homepage; the remote service is disclosed and purpose-aligned, but its full implementation is not reviewable in the supplied artifacts.
endpoint: "https://a-stock-signals.vercel.app/n"
Prefer skills with a verifiable publisher, documented backend behavior, and clear payment controls.