股票查询
AdvisoryAudited by Static analysis on Apr 30, 2026.
Overview
No suspicious patterns detected.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Users may expect U.S. stock lookups to work, but the tool will reject those symbols.
The executable only supports 6-digit A-share and 5-digit Hong Kong symbols, which contradicts the user-facing claim that U.S. stocks such as AAPL/MSFT are supported.
reject(new Error('暂只支持A股(6位数字)和港股(5位数字)'))Treat the skill as an A-share/Hong Kong stock lookup unless the code is updated to implement U.S. stock support.
The skill may require a Node runtime even though the registry requirements do not call that out.
The package exposes a Node-based CLI and declares a Node runtime requirement, while the registry metadata lists no required binaries or install spec. This is under-declared setup context, not hidden execution.
"bins": [{ "name": "stock", "path": "bin/stock.js" }], "requires": { "node": ">=14" }Confirm Node is available and review the included bin/stock.js before installing or invoking the CLI.
Sina Finance can see the stock symbols you query through this tool.
The tool sends the validated stock code to Sina Finance to retrieve quote data. This external provider call is disclosed and necessary for real-time market data.
const url = `https://hq.sinajs.cn/list=${code}`; ... https.get(url, { headers: { 'Referer': 'https://finance.sina.com.cn' } }Use the skill only when you are comfortable sending queried tickers to Sina Finance; no credentials are required.