Astock Data

This skill appears to implement the described market-data queries, but there are multiple red flags you should address before installing or using it with real credentials: - Do not rely on the built-in shared token for production. It is hard-coded in the script (search for the long string) and is shared across users — use your own QGDATA_TOKEN instead. - The script forcibly inserts a path into sys.path that points to ~/china-stock-skill/qgdata_env/..., which is unusual and risky: it will prefer any qgdata package placed there over the standard site-packages. Inspect or remove that line (sys.path.insert(...)) or ensure the directory is safe and not writable by untrusted parties. - Metadata mismatch: the registry metadata claims no required env vars/binaries but SKILL.md requires python3 and QGDATA_TOKEN. Ask the publisher to correct metadata and provide a homepage/source repository so you can verify provenance. - The script has coding issues (duplicate/early __main__ logic) that may cause runtime errors; run it in an isolated/sandbox environment first to test behavior. - If you plan to use this for trading or automated strategies, prefer creating and using a dedicated personal API token, rate‑limit your usage, and verify the qgdata package source (pip install from PyPI or vendor from a trusted repo). If you cannot verify the package provenance and remove the sys.path hack, avoid using the skill with sensitive credentials. If you want, I can: (1) show the exact lines to inspect/remove (sys.path insertion and the hard-coded token), (2) produce a safer wrapper that only uses a system-installed qgdata package, or (3) help craft questions to send to the skill publisher to establish trust.