Back to plugin

Security audit

Openclaw Data China Stock

Security checks across malware telemetry and agentic risk

Overview

This appears to be a coherent China market-data plugin; it runs local Python tooling and can write local OpenClaw/cache files, but the disclosed behavior matches its stated purpose.

This skill looks appropriate for users who want China market-data and research tools in OpenClaw. Before installing, review the source-install and development-registration steps, use a virtual environment, provide TUSHARE_TOKEN only if needed, and be aware that enabling cache or health snapshots can write local data files.

VirusTotal

64/64 vendors flagged this plugin as clean.

View on VirusTotal

Static analysis

Detected: suspicious.dynamic_code_execution, suspicious.install_untrusted_source

Dynamic code execution detected.

Critical
Code
suspicious.dynamic_code_execution
Location
tests/test_manifest_tool_map_parity.py:18
Evidence
spec.loader.exec_module(mod)  # type: ignore[union-attr]

Dynamic code execution detected.

Critical
Code
suspicious.dynamic_code_execution
Location
tests/test_tool_runner_dispatch.py:17
Evidence
spec.loader.exec_module(module)  # type: ignore[union-attr]

Install source points to URL shortener or raw IP.

Warn
Code
suspicious.install_untrusted_source
Location
config.yaml:27
Evidence
url: "http://127.0.0.1:2080"