Stock Inquiry - 股票查询
PassAudited by ClawScan on May 1, 2026.
Overview
This stock-quote skill appears benign: it uses a disclosed JisuAPI key to call fixed stock API endpoints and shows no hidden persistence, local data access, or destructive behavior.
Before installing, make sure you trust JisuAPI as the data provider and are comfortable setting JISU_API_KEY in the environment. Each lookup sends the key and requested stock parameters to api.jisuapi.com; no evidence in the provided artifacts shows unrelated data collection, persistence, or file modification.
Findings (1)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Your JisuAPI key will be used when the agent queries stock data, and those requests may count against your provider quota or plan.
The script reads the user's JisuAPI key from the environment and sends it to the external stock API as a request parameter. This is disclosed and purpose-aligned, but it is still credential use.
appkey = os.getenv("JISU_API_KEY") ... all_params = {"appkey": appkey} ... requests.get(url, params=all_params, timeout=10)Use a dedicated JisuAPI key if possible, keep it private, and monitor quota or billing on the provider account.