技术分析-缠论
v1.0.0基于缠中说禅理论自动识别A股技术面要素,生成带分型、笔、线段、中枢、背驰的技术分析图表和报告。
⭐ 1· 105·0 current·0 all-time
by@laigen
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
high confidencePurpose & Capability
The name/description (ChanLun technical analysis) match the code and SKILL.md: the scripts implement fractals, strokes, segments, pivots, MACD divergence, PNG chart generation and Markdown/JSON reports. The single required env var (TUSHARE_TOKEN) and declared pip deps (pandas, numpy, matplotlib, tushare) are appropriate for fetching A‑share data and plotting.
Instruction Scope
SKILL.md instructs only to set a TUSHARE_TOKEN, run the provided Python entry script with typical flags, and expects outputs in ./outputs. The code writes local files and uses signal/timeouts; I found no instructions or code that attempt to read unrelated system files, exfiltrate data to unknown endpoints, or perform broad system enumeration.
Install Mechanism
There is no automated install spec (install-only by pip is implied in skill.json). The skill.json lists pip dependencies (pandas, numpy, matplotlib, tushare) which is reasonable. Note: because there is no packaged installer, users must install the listed Python packages themselves (pip).
Credentials
Only TUSHARE_TOKEN is required and justified by the Tushare data source. The SKILL.md shows how to set it. No other secrets or unrelated environment variables are requested.
Persistence & Privilege
The skill does not request always:true, does not modify other skills, and runs as a normal user process. It writes outputs to a local outputs directory, which is consistent with its purpose.
Assessment
This skill appears internally consistent with its stated purpose, but check a few practical points before installing or running: 1) Provenance — the source/homepage are missing; only install/run code included, so confirm you trust the author or review the full scripts (especially the data‑fetch function) before running. 2) Tushare token — you'll need to provide TUSHARE_TOKEN; treat this like any API key (do not reuse high‑privilege credentials). 3) Dependencies — install the listed pip packages in a virtualenv to avoid system package conflicts. 4) Output files — the skill writes PNG/MD/JSON files to an outputs directory (default ./outputs); run in a sandbox or dedicated directory if you want to review files first. 5) Review data‑fetch code (analyze_stock) to confirm it only calls Tushare and handles the token appropriately; verify there are no hardcoded or hidden external endpoints. If you want greater assurance, run the scripts in an isolated environment (container/VM) and inspect network calls.Like a lobster shell, security has layers — review code before you run it.
latestvk97fvpzyss29bxh4ywc7nas2xs83pkhr
License
MIT-0
Free to use, modify, and redistribute. No attribution required.