股票打板筛选
v1.0.0筛选A股市场中当日及昨日涨停和强势股票,并统计各板块涨停数量,支持创业板和科创板筛选。
⭐ 2· 1.1k·11 current·12 all-time
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
medium confidencePurpose & Capability
The skill's code implements an A-share screening tool (涨停/强势/创业板/科创板) consistent with the description. However, SKILL.md states the data source is '新浪财经' while bin/board.js actually queries push2.eastmoney.com (Eastmoney). This is an inconsistency in documentation but does not appear to change functionality.
Instruction Scope
SKILL.md instructs running the local 'board' CLI with simple arguments; the implementation only performs HTTPS GET requests to a public market API and prints results. The instructions do not ask the agent to read unrelated files, environment variables, or send data to unexpected endpoints. The only scope issue is the mismatched stated data source vs actual endpoint.
Install Mechanism
No install script is provided (instruction-only install), and included code is a small Node CLI that makes outgoing HTTPS requests. There are no downloads from arbitrary URLs or archive extraction. package.json uses a nonstandard 'bins' array instead of the usual 'bin' field, which is a packaging metadata issue but not a code-safety concern.
Credentials
The skill declares no required environment variables, no credentials, and the code does not access process.env. It only needs outbound network access to Eastmoney's public API, which is proportionate to its purpose.
Persistence & Privilege
always is false and the skill does not request elevated or persistent platform privileges. It does not modify other skills' configs or system-wide settings.
Assessment
This skill appears to be what it claims: a simple CLI that fetches market data from a public API and prints screened results. Before installing: 1) Note the documentation mismatch — SKILL.md says Sina Finance but the code calls Eastmoney; confirm you are comfortable with Eastmoney as the data provider. 2) Review package.json if you plan to publish or install via npm (the 'bins' field is nonstandard). 3) If you require strict provenance, review the code locally (bin/board.js is short) to ensure no network calls are added in future updates. 4) Be aware the tool needs outbound network access; ensure this aligns with your environment and any data-provider terms of service.Like a lobster shell, security has layers — review code before you run it.
latestvk973k55cms0jm29m75a14ksnx9822bbt
License
MIT-0
Free to use, modify, and redistribute. No attribution required.