ClawHub

China Stock Smallcap

v2.0.0

小市值选股(纯 OpenClaw 公开源版):基于东财公开行情做小市值近似筛选。

0· 50·0 current·0 all-time
by@luyao-inc
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description, SKILL.md, and the included Python script all implement a public-source small-cap stock selector that queries Eastmoney's public API. Requested resources (python) and no credentials are proportionate to the claimed functionality.
Instruction Scope
SKILL.md instructs the agent to run a script and to use web_search/web_fetch for supplemental info — these are within the skill's purpose. Minor inconsistency: SKILL.md references {baseDir}/scripts/a_share_public_selector.py while the package contains a_share_public_selector.py at the top level; this may cause runtime failures or require path adjustment.
Install Mechanism
No install spec and only an instruction-only runtime plus a single Python file — nothing is downloaded or written to disk at install time. This is low-risk and proportional.
Credentials
The skill does not request environment variables, credentials, or config paths. It only performs outbound HTTP requests to Eastmoney, which is expected for market-data retrieval.
Persistence & Privilege
The skill is not always-enabled and does not request elevated persistence or modify other skills. Model invocation is allowed (platform default), which is normal for skills.
Scan Findings in Context
[no_pre_scan_findings] expected: Static pre-scan found no injection signals. Given this is a small Python script that fetches a public API and has no credential use, that's expected.
Assessment
This skill appears coherent and implements what it claims: a public-source small-cap stock selector that queries Eastmoney and returns JSON. Before installing, note: (1) the SKILL.md references a scripts/ path but the provided file is at the package root — you may need to correct the path or move the file; (2) the script makes outbound HTTP requests to push2.eastmoney.com (normal for market data) — confirm you are comfortable with that network access; (3) no credentials or sensitive local files are accessed by the skill, and outputs are explicitly labeled as not investment advice. If you need higher assurance, inspect the included a_share_public_selector.py yourself or run it in an isolated environment. If the skill ever requests tokens, env secrets, or downloads code from external URLs, treat that as a red flag and re-evaluate.

Like a lobster shell, security has layers — review code before you run it.

latestvk976j1ggvp5q7vb2bx4ex6am5d84vpvd

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

Any binpython3, python

Comments