东方财富妙想skills套件 / Eastmoney MX skills suite
Security checks across malware telemetry and agentic risk
Overview
The skill mostly matches its finance purpose, but it can change account-linked watchlists or simulated trading state and has an under-disclosed API endpoint override that could affect where your API key is sent.
Use this only if you are comfortable providing an Eastmoney MX_APIKEY. Before using account-changing features, require the agent to ask for confirmation for every add/delete, buy/sell, or cancel action. Check that MX_API_URL is unset or points only to the official Eastmoney API, and treat the output folder as sensitive because it can contain raw financial and account-related data.
VirusTotal
65/65 vendors flagged this skill as clean.
Risk analysis
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If the agent misinterprets a request or invokes this script too broadly, it could add or remove stocks from the user's Eastmoney account-linked watchlist.
The script directly calls the account watchlist management endpoint for delete and other natural-language management requests, with no visible confirmation step in the provided code.
    elif command in ["delete", "del", "remove", "删除", "移除"] and args.stock:
        query = f"把{args.stock}从我的自选股列表删除"
        result = manage_self_select(apikey, query)
    ...
    else:
        result = manage_self_select(apikey, query)

Require explicit user confirmation before add/delete operations, show the exact stock and action, and avoid sending generic natural-language requests to the management endpoint unless the user clearly asked for a mutation.
If MX_API_URL is set unexpectedly, the user's API key and simulated trading/account requests could be sent to a non-official endpoint.
The simulator sends the API key to a base URL controlled by an undocumented MX_API_URL environment variable, rather than always using the documented official domain.
    MX_API_URL = os.environ.get('MX_API_URL', 'https://mkapi2.dfcfs.com/finskillshub')
    ...
        url = f"{MX_API_URL}{endpoint}"
        headers = {
            'apikey': MX_APIKEY,
            'Content-Type': 'application/json'
        }

Remove this override, restrict it to an allowlist of official domains, or clearly document it and warn users to verify MX_API_URL before use.
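As an added example of the allowlist mitigation recommended above (not the skill's or ClawScan's own code): the lookup mirrors the skill's `os.environ.get('MX_API_URL', ...)` but refuses any base URL whose scheme or host is not the official one before the API key is attached to a request. The single-host allowlist and the function names `resolve_api_base` and `build_request` are assumptions for this example.

```python
import os
from urllib.parse import urlparse

# The default is the official base URL from the skill's own code; the host
# allowlist is an assumption for this example (only the documented host).
DEFAULT_API_URL = "https://mkapi2.dfcfs.com/finskillshub"
ALLOWED_API_HOSTS = {"mkapi2.dfcfs.com"}


def resolve_api_base(env=None):
    """Return the API base URL, rejecting overrides outside the allowlist.

    Same env lookup as the skill, but the value is validated before any
    request (and therefore the API key) can be sent to it.
    """
    env = os.environ if env is None else env
    base = env.get("MX_API_URL", DEFAULT_API_URL).strip()
    parts = urlparse(base)
    # urlparse().hostname drops userinfo and port, so a value like
    # "https://mkapi2.dfcfs.com@other.example/" yields host other.example
    # and is rejected by the allowlist check rather than passing as official.
    host = (parts.hostname or "").lower()
    if parts.scheme != "https":
        raise ValueError(f"MX_API_URL must use https, got {parts.scheme!r}")
    if host not in ALLOWED_API_HOSTS:
        raise ValueError(f"MX_API_URL host {host!r} is not an official Eastmoney API host")
    if parts.username or parts.password:
        raise ValueError("MX_API_URL must not embed credentials")
    return base.rstrip("/")


def build_request(endpoint, apikey, env=None):
    """Build (url, headers) as the simulator does, after the allowlist check.

    The apikey is only placed in headers once the base URL is known to be
    official; a bad MX_API_URL raises before this point.
    """
    base = resolve_api_base(env)
    if not endpoint.startswith("/"):
        endpoint = "/" + endpoint
    url = f"{base}{endpoint}"
    headers = {"apikey": apikey, "Content-Type": "application/json"}
    return url, headers
```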
Financial query results and account-linked watchlist data may remain in the OpenClaw workspace after the task and could be exposed if the workspace is shared.
The script persists raw account watchlist API responses locally, which may include personal account-linked financial preferences or holdings-like lists.
    json_path = output_dir / f"mx_self_select_{safe_filename(safe_name)}_raw.json"
    with open(json_path, "w", encoding="utf-8") as f:
        json.dump(result, f, ensure_ascii=False, indent=2)

Treat the output directory as sensitive, delete files when no longer needed, and consider making raw JSON persistence opt-in for account-related operations.
Installing later package versions could change behavior or inherit upstream package risk.
The scripts rely on third-party Python packages with lower-bound version ranges. This is common and purpose-aligned, but not fully pinned or locked.
    requests>=2.31.0
    pandas>=1.5.0
    openpyxl>=3.1.0
Install in a virtual environment and consider pinning exact dependency versions for reproducible use.
