✓
Purpose & Capability
Name/description, SKILL.md and the two Python scripts are coherent: they implement cup-and-handle detection, visualization, and batch scanning. The dependencies listed (pandas, numpy, matplotlib, optional tushare) match the code's needs.
ℹ
Instruction Scope
Instructions and scripts work with either: (a) live data via Tushare (requires TUSHARE_TOKEN) or (b) local SQLite DB for batch scans. The scripts read local SQLite DBs (path provided by user) and write images/files to user home/tmp directories. This is expected for the stated purpose but you should be aware the batch script will read any DB file you point it at.
✓
Install Mechanism
No install spec (instruction-only) and the code uses standard Python libraries. SKILL.md lists required Python packages; there are no downloads from untrusted URLs or custom install steps in the package manifest.
ℹ
Credentials
The code requires TUSHARE_TOKEN (environment variable) when fetching live data via tushare. SKILL.md documents tushare as an optional dependency and notes TUSHARE_TOKEN, but the registry metadata lists no required env vars — this mismatch is informational (token is needed only for live fetches). No other credentials are requested.
✓
Persistence & Privilege
Skill does not request persistent or elevated platform privileges (always:false). It writes output to user-writable dirs under the home/temp areas; it does not modify other skills or system-wide agent settings.
Scan Findings in Context
[USES_ENV_TUSHARE_TOKEN] expected: scripts/cup_handle_detector.py reads TUSHARE_TOKEN from environment when using tushare.pro to fetch live market data; this is expected for live-data retrieval but the registry did not declare the env var as required.
[EXTERNAL_NETWORK_TUSHARE_API] expected: The code uses the tushare/pro API (network access) to obtain daily price data. Network access to Tushare is consistent with the skill's purpose.
[SQL_QUERY_WITH_TABLE_NAME_FSTRING] expected: batch_scan_cup_handle.py constructs a SQL SELECT using the provided table name via an f-string. This is functional for local DB scanning but could be unsafe if untrusted table names are supplied — the script assumes local, user-controlled DB inputs.
Assessment
This skill appears to do what it says: detect cup-and-handle patterns and draw annotated charts. Before installing/running, note: (1) If you want live data, you must provide a TUSHARE_TOKEN (set as an environment variable) and install tushare; SKILL.md documents this but the registry metadata does not list the env var — set it only if you trust tushare and your token. (2) The batch scanner reads any SQLite file you point it to and will save chart files under your home/temp directories — verify the database path and output path before running. (3) There are no hidden network endpoints beyond Tushare and no other credential requests. For safety, run the scripts in a dedicated Python virtual environment, audit the code if you will supply sensitive databases, and only supply your TUSHARE_TOKEN to trusted code/run contexts.
