A股多智能体投研-15 AI 分析师
PassAudited by ClawScan on May 1, 2026.
Overview
This is a disclosed stock-analysis API wrapper that uses an API token and sends stock query parameters to a remote service, so use it only with a trusted endpoint and treat the financial recommendations cautiously.
Before installing, make sure you trust the TradingAgents backend or your self-hosted API URL, protect the TRADINGAGENTS_TOKEN, avoid sharing sensitive portfolio or account details in prompts, and use the generated buy/sell/hold analysis only as one input to your own investment review.
Findings (4)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Running the script sends one or more stock analysis requests to the configured backend and may wait up to the configured timeout.
The helper script submits analysis jobs to a remote API, then polls and fetches results. This is central to the skill's purpose and is user-directed, but it is still network tool use that can consume API quota and send requested symbols to the service.
resp=$(curl -s -w "\n%{http_code}" -X POST "${API_URL}/v1/analyze" ... -d "$payload")Run it only for symbols you intend to analyze, review batch requests before submitting many symbols, and keep the timeout/polling settings reasonable.
Anyone who obtains the token could potentially use the TradingAgents API within that token's permissions.
The skill requires a bearer token and sends it as the credential for API requests. This is expected for the service integration, but the token represents account/API access.
TOKEN="${TRADINGAGENTS_TOKEN:?请设置 TRADINGAGENTS_TOKEN 环境变量}" ... -H "Authorization: Bearer ${TOKEN}"Use a minimal-privilege token, store it securely, use only trusted HTTPS API endpoints, and revoke or rotate the token if it may have been exposed.
The configured backend can see the stocks, dates, and analysis horizons you request.
The artifacts disclose a remote provider data flow and describe the transmitted fields as narrow. Even narrow stock-query data can reveal investment interests.
Only the extracted stock symbol, trade date, and analysis parameters (`symbol`, `trade_date`, `horizons`) are transmitted to the backend. The raw conversation text is **never** forwarded.
Avoid including personal account details or exact private holdings in prompts, and consider self-hosting or a trusted endpoint if query privacy matters.
Users could make investment decisions based on AI-generated recommendations that may be incomplete or wrong.
The skill explicitly produces actionable investment recommendations. This is aligned with its purpose, but it may encourage users to place high trust in AI-generated financial analysis.
deliver structured buy/sell/hold recommendations with risk assessment
Treat the output as research support, not guaranteed financial advice, and verify with independent sources or a qualified professional before trading.