A Stock Analyzer.Bak
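v1.0.0 · A-share Intelligent Analysis and Trading Assistant (Professional Edition). Screens for high-quality stocks using Mark Minervini's Trend Template and 7 strict financial criteria; suited to value-trend investors who hold to high fundamental standards.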
⭐ 0· 63·1 current·1 all-time
MIT-0
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
high confidence
Purpose & Capability
Name/description (A股智能分析交易助手) align with the bundled scripts and reports: analyze.py, prefetch.py and pusher.py implement market data retrieval, financial screening, scheduled prefetching and report push. Required libraries (akshare, pandas, numpy, requests) are appropriate for the stated functionality.
Instruction Scope
SKILL.md instructs running the included Python scripts and installing the declared Python deps — consistent with the code. The runtime instructions and code only reference market data endpoints, local config.json, cache and report files. Minor inconsistencies: SKILL.md examples mention pushing to 'dingtalk' while the provided config.json defaults to 'feishu' and leaves the feishu_webhook empty; analyze._save_financial_cache clears in-memory caches after saving (likely a bug). No instructions attempt to read unrelated host files or request unrelated system credentials.
Install Mechanism
No install spec; this is instruction+code only. Dependencies are standard Python packages (akshare/pandas/numpy/requests) installed via pip — expected for a market-data analyzer. No remote archive downloads or arbitrary installer URLs were used.
Credentials
The skill does not request environment variables or credentials. Pushing reports requires webhooks configured in config.json (feishu_webhook / dingtalk_webhook). Because webhooks are stored in config.json (not declared env vars), the user must ensure the webhook URLs are correct and kept secret; otherwise reports could fail to send or be sent to an unintended endpoint. No evidence of requests for unrelated credentials or access to system-wide secrets.
Persistence & Privilege
always is false and the skill does not request persistent platform privileges. It writes cache, logs and report files under its own directory (reports/, cache/, logs/) — expected behavior for this tool and not a system-wide privilege escalation.
Assessment
This skill appears to implement exactly what it claims (market data retrieval, rule-based screening, and report push). Before installing:
1) Inspect and set config.json push.webhook fields (feishu_webhook, dingtalk_webhook) — webhook URLs are sensitive; keep them private.
2) Run initially in an isolated environment or container because the scripts make many outbound HTTP requests to public market-data endpoints.
3) Confirm you want automated pushes enabled (config.push.enabled = true) and that channels list matches configured webhooks.
4) Review/update the schedule/cron before enabling automated runs to avoid unexpected network/CPU use.
5) Note minor code issues (cache clearing after save, slight config/doc mismatches) — these look like bugs rather than malicious behavior.
If you need higher assurance, run the code in a sandbox and/or audit network destinations (eastmoney, gtimg, sina, akshare) used by the scripts.
Like a lobster shell, security has layers — review code before you run it.
latestvk9702kq5s6g8nsghvd2zxd7sd983shwk
