ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

A Share Metrics Card

v1.0.0

获取并生成 A股单只股票的关键指标“体检卡”(估值/盈利质量/现金流/负债/分红/交易活跃度等),输出为统一 Markdown,便于对比与持续跟踪。用在:"帮我查600406关键指标"、"做一张国电南瑞体检卡"。

1· 535·4 current·4 all-time
by@joifg
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description request A‑share metrics; the SKILL.md and included Python script use AkShare and public Eastmoney endpoints to fetch quotes/financial indicators and produce a Markdown card — this is coherent and proportional to the stated purpose.
Instruction Scope
Instructions and script perform parameter validation, network calls to public data sources, best-effort fallbacks, and write a Markdown file to a local path. They do not request unrelated files, secrets, or system configuration. The script clearly documents behavior and failure modes.
Install Mechanism
No install spec is provided (instruction-only), but the script requires third‑party Python packages (akshare, curl_cffi). This is not malicious but means dependencies must be installed manually in the runtime environment; the SKILL.md and README reference AkShare but do not declare a dependency block.
Credentials
The skill requests no environment variables, credentials, or config paths. Network access to public APIs is necessary for its function; there is no evidence of credential harvesting or unrelated secrets being accessed.
Persistence & Privilege
The skill does not request permanent inclusion (always: false), does not modify other skills or system settings, and only writes its own output file under notes/stocks/cards by default.
Assessment
This skill appears coherent and focused: it fetches public market and financial data and writes a Markdown 'metrics card' locally. Before installing/using it, consider: (1) install required Python packages (akshare, curl_cffi) in a virtual environment; the skill has no automatic installer. (2) It performs network requests (Eastmoney push2 and AkShare upstream APIs) — expect rate limits, possible blocking on cloud hosts, and check source data licensing/terms. (3) It writes files to notes/stocks/cards by default — verify that path is acceptable. (4) If you run automated agents, remember this skill can be invoked by the agent (normal behavior); review the script yourself or run it in an isolated environment if you have security concerns.

Like a lobster shell, security has layers — review code before you run it.

latestvk97crp39e6b3mj92b7ak0b3avn824s4f

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

🩺 Clawdis

Comments