ClawHub

Cn Security Code Resolver Openclaw Skill

v1.0.0

Resolve A-share stocks, ETFs, funds, and other mainland China securities from Chinese names into tradable codes using Eastmoney search. This skill should be...

0· 79·0 current·0 all-time
by@mr-11even
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name, description, README, SKILL.md, reference doc, and the included Python script all align: the skill queries Eastmoney's suggest API to map Chinese names to tradable codes. There are no unrelated requirements (no cloud creds, no unrelated binaries).
Instruction Scope
SKILL.md instructs the agent to run the bundled script and to use returned candidates with verification steps. The instructions do not ask the agent to read system files, environment variables, or send data to any endpoint other than Eastmoney's documented API. Writing portfolio files is optional and scoped to adding resolved codes.
Install Mechanism
No install spec — instruction-only plus a small Python script. Nothing is downloaded or extracted at install time and no third-party packages are pulled. This is low-risk.
Credentials
The skill requires no environment variables or credentials. The script embeds a commonly used public Eastmoney token (documented in references), which is consistent with the described behaviour; no secret exfiltration or extra credential requests are present.
Persistence & Privilege
always:false and default invocation settings. The skill does not request permanent presence or modify other skills or system-wide configs.
Assessment
This skill appears to do exactly what it says: call Eastmoney's public suggest API and rank candidates. Before installing, consider: (1) network privacy — each query is sent to Eastmoney (avoid sending sensitive or private identifiers you don't want transmitted), (2) public token — the script uses a public token embedded in the code (expected for this API) but it could break if Eastmoney changes tokens or rate-limits, (3) verification — ambiguous names can map to multiple instruments, so confirm top candidates before using results for trading or automated orders, and (4) production use — consider caching, rate-limiting, and error handling if you integrate this into automation. If you need offline or vendor-trusted sources, use a broker or official exchange mapping instead.

Like a lobster shell, security has layers — review code before you run it.

latestvk971gjsrw6rz2aztc76zkygj1183hvgp

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments