A-Share Global Peer

Advisory

Audited by VirusTotal on Apr 14, 2026.

Overview

Type: OpenClaw Skill
Name: a-share-global-peer
Version: 1.0.2

The skill is a legitimate financial analysis tool designed to match Chinese A-share companies with global peers. It utilizes a Python script (scripts/get_company_products.py) to interface with the Tushare API and provides structured instructions in SKILL.md for conducting web searches and generating comparison reports. No evidence of malicious intent, data exfiltration, or harmful prompt injection was found; the use of environment variables (TUSHARE_TOKEN) and external tools is consistent with the stated functionality.

Findings (0)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

The agent may run a local Python command and perform web searches when answering peer-comparison requests.

Why it was flagged

The skill exposes local command execution and web search, but the command is scoped to the bundled helper script and is directly tied to the stated finance research workflow.

Skill content
`web_search` | Search for global leaders, market share data ...
`exec` | Run Python scripts for data fetching ...
`python3 scripts/get_company_products.py --company "<company_name_or_code>" --output json`

Recommendation

Use the skill for intended company lookups, and avoid placing unrelated shell content or confidential information in the company-name input.

What this means

If you set a Tushare token, the skill can use that provider account for company-data queries.

Why it was flagged

The helper can use a Tushare API token from the environment to query company data. This is disclosed and purpose-aligned, and the code does not show token printing or unrelated transmission.

Skill content
return os.environ.get('TUSHARE_TOKEN') ... ts.set_token(token) ... pro = ts.pro_api()

Recommendation

Provide only the optional API keys you intend to use, and prefer least-privilege or revocable provider tokens where available.