Eastmoney Select Stock 1.0.2

Pass. Audited by ClawScan on May 1, 2026.

Overview

The skill appears aligned with its stock-screening purpose, but users should verify the publisher metadata and protect the Eastmoney API key it uses.

This skill is reasonable for stock screening if you trust the Eastmoney API integration. Before installing, verify the publisher/version because of metadata inconsistencies, set EASTMONEY_APIKEY only in a trusted environment, and avoid including sensitive personal information in query keywords.

Findings (3)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

Users may have less assurance that the registry listing and packaged artifact identify the exact same publisher/version.

Why it was flagged

The internal metadata differs from the supplied registry metadata, which lists a different owner ID, slug suffix, and version. This is a provenance consistency issue, although the provided code and instructions remain coherent.

Skill content
"ownerId": "kn73m56g83j65mv3bjd848j7vn82t04f", "slug": "eastmoney-select-stock", "version": "1.0.2"
Recommendation

Verify the publisher and intended version before installing, especially because the skill uses an API key.

What this means

The API key may authorize requests against the Eastmoney service and should be treated as a secret.

Why it was flagged

The skill requires an Eastmoney API key. This is expected for the service integration, and no hardcoded credential or unrelated credential use is shown, but the registry requirements section lists no required environment variables.

Skill content
required_env_vars:
  - EASTMONEY_APIKEY
credentials:
  - type: api_key
    name: EASTMONEY_APIKEY
Recommendation

Use the key only in a trusted environment, avoid pasting it into prompts or logs, and rotate it if it is exposed.

What this means

Eastmoney's API will receive the stock-screening text the user submits, along with the API key in the request header.

Why it was flagged

The skill discloses that user query keywords are sent to an external API. This is purpose-aligned for current stock screening, but it is still an external data flow.

Skill content
This Skill sends the user's query keywords (Keyword) to the official Eastmoney API endpoint (`mkapi2.dfcfs.com`) for parsing and retrieval.
Recommendation

Do not include personal or confidential information in stock-screening keywords, and review the provider's terms if that matters for your use case.