ClawHub

Skills of ETF data released by ft.tech.

v1.0.1

A 股 ETF 数据技能集(market.ft.tech)。覆盖单只 ETF 详情、ETF 分页列表(排序/筛选)、ETF K 线(日/周/月/年线)、ETF 分钟级分时、ETF PCF 列表与下载。用户询问某只 ETF 行情、ETF 列表、ETF K 线、分时或 PCF 申购赎回清单时使用。

47· 339·0 current·0 all-time
by@shawn92
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description match the implemented behavior: all sub-skills perform GET requests to https://market.ft.tech for ETF details, lists, K-lines, prices, PCF files and components. No unrelated credentials, binaries, or platform APIs are requested.
Instruction Scope
SKILL.md and sub-skill SKILL.md files instruct the agent to run the included Python handlers (run.py -> sub-skills/*/scripts/handler.py). Handlers only build URLs, call the market.ft.tech endpoints, process JSON/ timestamps, and output JSON or write downloaded PCF files. They do not read arbitrary system files or access environment variables.
Install Mechanism
No install spec; the package contains Python scripts that run in-place. No external installers, downloaded archives, or untrusted URLs are used by the skill itself.
Credentials
The skill requires no environment variables, credentials, or config paths. All network calls go to the declared base domain. No secrets are requested or used.
Persistence & Privilege
always is false and the skill does not modify other skills or system configuration. It will run handlers on invocation; autonomous model invocation is allowed by default (disable-model-invocation=false) which is normal for skills and is not combined with other red flags here.
Assessment
This skill appears coherent and only issues HTTPS GETs to https://market.ft.tech and prints or saves the responses. Before installing or enabling it, consider: 1) Trust the data provider (market.ft.tech) — network calls will expose your agent's IP and request metadata to that host. 2) Downloaded PCF files are written only inside the current working directory (the skill enforces a safe path), but avoid running it from sensitive directories. 3) The skill runs included Python scripts locally (run.py launches handlers); if you need stronger isolation, run it in a sandbox or with restricted network access. 4) If you require offline or auditable execution, review the provided handler code (no obfuscation detected) and verify the domain and expected endpoints.

Like a lobster shell, security has layers — review code before you run it.

latestvk978m6ayjprsant2rm56nmezrd83736g

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments