TuShare Stock Skill
v1.0.3面向中国 A 股的 Tushare 专用技能,提供股票数据获取、个股分析与交易观察能力。
⭐ 5· 3.7k·24 current·24 all-time
byZexun Chen@magica-chen
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
high confidencePurpose & Capability
Name/description match the requested runtime footprint: python3 + tushare/pandas/requests/bs4 and a single required credential TUSHARE_TOKEN. Declared network endpoints (tushare.pro, api.waditu.com) and optional cache/env file variables align with accessing Tushare APIs and building a local endpoint catalog.
Instruction Scope
SKILL.md and the main scripts restrict runtime actions to: reading TUSHARE_TOKEN (or an explicit env file), calling Tushare/pro APIs, optionally crawling tushare.pro when running the catalog builder, and producing JSON/analysis outputs. The code reads only declared env vars and the optional env file; it does not attempt to scan home directories or other unrelated credentials.
Install Mechanism
There is no remote download/install step in the skill package. Dependencies are standard Python packages listed in requirements.txt (pandas, tushare, requests, beautifulsoup4). The one script that fetches remote content is build_catalog.py which intentionally requests the official Tushare docs (tushare.pro). No installs from untrusted URLs or archive extracts are present.
Credentials
Only one required secret is declared (TUSHARE_TOKEN) which is exactly what a Tushare client needs. Optional env vars (TUSHARE_STOCK_ENV_FILE, TUSHARE_POINTS, TUSHARE_STOCK_CACHE_DIR) are reasonable for cache/config control. The code does not access other environment variables or unrelated credentials.
Persistence & Privilege
Skill is not forced-always on and uses normal agent-invocation defaults. It does not modify other skills or system-wide settings. The package may write cache files under the declared cache dir, but it does not request elevated system privileges or persistent cross-skill changes.
Assessment
This skill appears coherent and targeted: it needs only a valid TUSHARE_TOKEN and a Python 3 environment with the listed packages. Before installing, confirm you are comfortable giving this Tushare token (it will be used to make API calls to tushare.pro/api.waditu.com). If you want to limit exposure, set TUSHARE_TOKEN in a dedicated env file and provide that path via TUSHARE_STOCK_ENV_FILE, run the skill in an isolated environment (venv/container), and review the included scripts (scripts/tushare_stock.py and scripts/build_catalog.py) yourself. Be aware build_catalog.py will fetch the official tushare.pro documentation when you run it; otherwise the skill uses the bundled references/stock_endpoints.json. If you plan to let an agent invoke the skill autonomously, remember it can call these scripts with the provided token—this is expected for a data-access skill but ensure the token's permissions/rate limits are appropriate.Like a lobster shell, security has layers — review code before you run it.
latestvk979b334z9ajncg2qehm73903n82jzp0
License
MIT-0
Free to use, modify, and redistribute. No attribution required.
Runtime requirements
📈 Clawdis
Binspython3
EnvTUSHARE_TOKEN
Primary envTUSHARE_TOKEN