ClawHub

Tushare Pro

v1.0.9

Fetch Chinese stock and futures market data via Tushare API. Supports stock quotes, futures data, company fundamentals, and macroeconomic indicators. Use whe...

22· 9.1k·43 current·50 all-time
bymanifold@manifoldor
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description match the required artifacts: python3/pip3 and TUSHARE_TOKEN are expected for a Tushare client. Declared dependencies (tushare, pandas) and the included script implement the described functionality.
Instruction Scope
SKILL.md instructs only to set TUSHARE_TOKEN, install Python deps, and run scripts/market.py. The runtime instructions do not ask the agent to read unrelated files, other environment variables, or transmit data to endpoints outside of Tushare usage.
Install Mechanism
No custom download URLs; dependency installation is via pip (tushare, pandas), which is appropriate and expected. This is standard for Python-based data clients (moderate supply-chain risk inherent to pip but proportional to the task).
Credentials
Only TUSHARE_TOKEN is required. The script reads that token and uses it to call the Tushare API—no unrelated credentials, config paths, or broad secrets are requested.
Persistence & Privilege
always is false and the skill does not request persistent elevated privileges or modify other skills' configs. Autonomous invocation is allowed but is the platform default and not combined with other red flags.
Assessment
This skill appears to do exactly what it claims: call the Tushare API using your TUSHARE_TOKEN. Before installing, verify you trust the publisher (source/homepage is not provided here), and consider: (1) set the token only for an account with appropriate permissions, (2) install Python packages in a virtualenv (or use --user) to limit environment impact, (3) review the included scripts if you have doubts (they are present and readable), and (4) be aware that pip packages carry usual supply-chain risk—use official PyPI packages or your organization's approved mirrors if required.

Like a lobster shell, security has layers — review code before you run it.

latestvk976p0dmd5mypf4rsyhjt0rccn834bpy

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

Binspython3, pip3
EnvTUSHARE_TOKEN

Comments