Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Datayes Stock Data

Queries A-share and Hong Kong stock quotes, intraday ticks, candlestick (K-line) data, financials, valuation, fund flows, shareholder holdings, dividends and company profiles through Datayes. Use it when the user asks about an individual stock's price, company fundamentals, valuation metrics, fund flows, rankings or screening, technical indicators, or anything else that needs real-time stock data.

MIT-0 · Free to use, modify, and redistribute. No attribution required.
0 current installs · 0 all-time installs
Security Scan
VirusTotal: Benign
OpenClaw: Suspicious (high confidence)
Purpose & Capability
The name and description match the included scripts: the code fetches Datayes API specs and then calls the business endpoints. However, the registry metadata declares no required environment variables and no primary credential, while both SKILL.md and every script require DATAYES_TOKEN; the declared requirements do not match what the skill actually needs at runtime.
Instruction Scope
SKILL.md correctly documents using scripts/datayes_api.py and that the token comes from DATAYES_TOKEN. The instructions and code reference only network calls to Datayes and local script usage; they do not instruct reading unrelated files or secrets. One behavioral detail matters: the workflow fetches an API spec and then uses the spec's httpUrl for the business call, and the token is sent in the Authorization header of those subsequent requests, so the skill forwards your DATAYES_TOKEN to whatever httpUrl the spec returns.
Install Mechanism
There is no install spec, and the scripts use only the Python standard library. Nothing is downloaded from external URLs or written to disk beyond the included files, which is low-risk from an install-mechanism perspective.
Credentials
The skill legitimately needs a single DATAYES_TOKEN to call the Datayes APIs, which is proportionate to its purpose. However, the declared registry metadata omits this requirement entirely, and that mismatch is a concern. Note also that the token is sent as a Bearer header to the httpUrl resolved from the API spec; if the spec pointed at an unexpected host, the token would be exposed to that host.
Persistence & Privilege
The skill does not request permanent presence (always=false) and does not modify the system or other skills' configuration. It runs as a user-invoked tool or may be invoked autonomously per platform defaults; this is expected and not excessive here.
What to consider before installing
Key points before you install or use this skill:
 - The scripts require a DATAYES_TOKEN (export DATAYES_TOKEN='your-token') even though the registry metadata claims no env vars. Treat that omission as a packaging bug and do not assume no secret is needed.
 - DATAYES_TOKEN is sensitive: only provide a token that is scoped and revocable, store it securely (not checked into code), and prefer ephemeral, least-privilege credentials if Datayes supports them.
 - The code fetches an API spec from a hard-coded API_INFO_URL (https://gw.datayes.com/...) and then calls the spec's httpUrl; the token is sent as Authorization: Bearer <token> to those endpoints. If the spec returned an unexpected URL, the token and any request payloads would be sent to that URL. Only use this skill if you trust the Datayes service and the skill source.
 - Because the metadata is inconsistent, consider running the included smoke_test.py locally (it requires the token) to verify behavior before enabling the skill in an automated agent. Inspect the API_INFO_URL and the sample specs returned for your token to confirm they point at expected Datayes endpoints.
 - If you plan to install permanently, ask the skill author to update the registry metadata to declare DATAYES_TOKEN as required and to document token scope and retention. If you cannot confirm the author or source, treat the skill as untrusted and avoid supplying high-privilege tokens.
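The check the last two points ask for can be automated: before attaching the bearer token to the business call, parse the spec's httpUrl and confirm it points at an expected Datayes host over HTTPS. The following is an added example written for this review; it is not code from the skill or from Datayes. The spec shape ({"httpUrl": ..., "httpMethod": ...}) is taken from the SKILL.md description, and the allowlist of datayes.com (the host of the hard-coded API_INFO_URL) is an assumption you should adjust. The constructed specs show why a substring match on "datayes.com" is not enough.

```python
"""Guard for the spec-then-call pattern: only attach DATAYES_TOKEN when the
resolved httpUrl points at an expected Datayes host over HTTPS.

Added example, not part of the skill. The spec shape ({"httpUrl": ...,
"httpMethod": ...}) is assumed from the SKILL.md description; ALLOWED_HOSTS
is an assumption based on the API_INFO_URL host gw.datayes.com.
"""
from urllib.parse import urlsplit

# Assumed allowlist: accept this domain and any subdomain of it.
ALLOWED_HOSTS = ("datayes.com",)


def host_allowed(hostname, allowed=ALLOWED_HOSTS):
    """True if hostname equals an allowed domain or is a subdomain of one."""
    if not hostname:
        return False
    hostname = hostname.lower().rstrip(".")
    return any(hostname == h or hostname.endswith("." + h) for h in allowed)


def check_spec_target(spec, allowed=ALLOWED_HOSTS):
    """Return the validated httpUrl from a spec, or raise ValueError.

    Checks: https scheme, no userinfo (user@host tricks), allowed host.
    """
    url = spec.get("httpUrl")
    if not isinstance(url, str):
        raise ValueError("spec has no httpUrl")
    parts = urlsplit(url)
    if parts.scheme != "https":
        raise ValueError(f"refusing non-https target: {url}")
    if parts.username is not None or parts.password is not None:
        raise ValueError(f"refusing URL with userinfo: {url}")
    if not host_allowed(parts.hostname, allowed):
        raise ValueError(f"refusing unexpected host {parts.hostname!r}: {url}")
    return url


def build_request(spec, token, allowed=ALLOWED_HOSTS):
    """Build (method, url, headers) for the business call; the bearer token
    is attached only after the target passed check_spec_target."""
    url = check_spec_target(spec, allowed)
    method = str(spec.get("httpMethod", "GET")).upper()
    headers = {"Authorization": f"Bearer {token}", "Accept": "application/json"}
    return method, url, headers


def naive_check(url):
    """The substring check people often write. It accepts every bad spec
    below, which is why the parsed-host check above is needed."""
    return "datayes.com" in url


def classify(specs):
    """Return {label: 'ok' | 'rejected'} for a dict of specs."""
    out = {}
    for label, spec in specs.items():
        try:
            check_spec_target(spec)
            out[label] = "ok"
        except ValueError:
            out[label] = "rejected"
    return out


# Constructed specs for demonstration (not real Datayes responses).
GOOD_SPEC = {"httpUrl": "https://gw.datayes.com/mock/market/snapshot",
             "httpMethod": "GET"}
LOOKALIKE_SPEC = {"httpUrl": "https://gw.datayes.com.attacker.example/snapshot",
                  "httpMethod": "GET"}
USERINFO_SPEC = {"httpUrl": "https://gw.datayes.com@attacker.example/snapshot",
                 "httpMethod": "GET"}
PLAIN_HTTP_SPEC = {"httpUrl": "http://gw.datayes.com/snapshot",
                   "httpMethod": "GET"}

if __name__ == "__main__":
    samples = {"good": GOOD_SPEC, "lookalike": LOOKALIKE_SPEC,
               "userinfo": USERINFO_SPEC, "plain_http": PLAIN_HTTP_SPEC}
    for label, spec in samples.items():
        print(f"{label:10s} naive={naive_check(spec['httpUrl'])!s:5s} "
              f"strict={classify({label: spec})[label]}")
```

Only the first constructed spec passes; the lookalike host, the userinfo form and the plaintext URL are all refused before any Authorization header is built. If you wrap the skill's business call this way, a spec that ever returns a non-Datayes httpUrl fails closed instead of leaking the token.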


Current version: v1.0.0
latest: vk97dqn7q2vkdjr2r9bym0wpxn183ya7h


SKILL.md

Datayes Stock Data

Answer stock and listed-company data questions using the Datayes API. Requests are sent through the Python script in this repository.

Using the script

First confirm the environment variable is set:

export DATAYES_TOKEN='your-token'

Script location: scripts/datayes_api.py

python scripts/datayes_api.py market_snapshot --param ticker=002594 --param type=stock --result-only --pretty

Script behavior:

  • Reads the token automatically from the DATAYES_TOKEN environment variable.
  • Sends Authorization: Bearer <token> in the headers of every request.
  • First requests the API specification endpoint, then calls the real business endpoint using the returned httpUrl, httpMethod and parameter locations.
  • Validates parameter names against the spec before calling, and automatically fills in required parameters that have default values.
  • Supports --result-only to show only the business result, and --field to extract a nested field.
  • Outputs JSON by default, including both the spec information and the business result.

Workflow

  1. Determine whether the user wants quotes, financials, valuation, fund flows, shareholder holdings or company profile data.
  2. If only a company name is given and no ticker, call stock_search first.
  3. Pull the latest API spec with --spec-only to confirm the required parameters, parameter locations and HTTP method.
  4. Then run the real request, combining several endpoints for cross-validation where necessary.
  5. After reading the returned fields, summarize the result in natural language, stating the time range, units and definitions explicitly.

Common commands

Spec only:

python scripts/datayes_api.py market_snapshot --spec-only --pretty

Look up a ticker:

python scripts/datayes_api.py stock_search --param query=比亚迪 --result-only --pretty
python scripts/datayes_api.py stock_search --param query=比亚迪 --result-only --field data.hits.0.entity_id

Note: default parameters in the current stock_search spec are filled in automatically; the common return field is entity_id, which in the A-share case can be used directly as the ticker.

Real-time snapshot:

python scripts/datayes_api.py market_snapshot --param ticker=002594 --param type=stock --result-only --pretty
python scripts/datayes_api.py market_snapshot --param ticker=002594 --param type=stock --field result.data.lastPrice

Income statement:

python scripts/datayes_api.py fdmt_is_new_lt --param ticker=002594 --param reportType=A --param beginDate=20230101 --param endDate=20241231 --result-only --pretty

Run the smoke test:

python scripts/smoke_test.py

Parameter conventions

  • --param key=value can be repeated to pass several parameters.
  • value may be a plain string or a JSON literal; arrays and booleans can be written directly as JSON, e.g. --param ids='["000001","000002"]'
  • Dates should use the format the endpoint requires, usually YYYYMMDD.
  • When an endpoint requires type, do not omit it; for example, interval gain/loss statistics usually need an explicit type=stock.
  • If an old or invalid parameter name is passed, the script fails locally first instead of sending the bad request to the live service.
  • --field uses a dotted path; array indices are written as plain numbers, e.g. result.data.0.ticker
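The "script behavior" list and these parameter conventions together describe a local stage: parse repeated --param key=value arguments (JSON literal or plain string), validate the names against the fetched spec, fill required parameters that have defaults, place each by its declared location, and extract a --field dotted path from the result. The following is an added example of that stage, not the skill's own scripts/datayes_api.py. The spec layout (a "params" list with name/location/required/default) and the sample response are constructed assumptions; the real Datayes spec format is not shown on this page. One deliberate choice: bare digit strings are kept as strings, because tickers such as 000001 must keep their leading zeros and json.loads would turn 600519 into an integer.

```python
"""Local parameter stage modeled on the SKILL.md description: parse --param
values, validate against a spec, fill defaults, and extract --field paths.

Added example, not the skill's scripts/datayes_api.py. The spec layout
(a "params" list of name/location/required/default) is an assumption.
"""
import json


def parse_param(arg):
    """'key=value' -> (key, value).

    Only obvious JSON is decoded (arrays, objects, true/false/null). Bare
    digit strings stay strings: tickers such as 000001 must keep their
    leading zeros, and json.loads("600519") would yield an int.
    """
    key, sep, raw = arg.partition("=")
    if not sep or not key:
        raise ValueError(f"--param must be key=value, got {arg!r}")
    if raw.startswith(("[", "{")) or raw in ("true", "false", "null"):
        return key, json.loads(raw)
    return key, raw


def resolve_params(spec, given):
    """Validate `given` against spec['params'] and fill defaults.

    Unknown names fail locally, before any network call. Required params
    with neither a value nor a default also fail locally. Returns a dict
    keyed by declared location, e.g. {"query": {...}, "body": {...}}.
    """
    declared = {p["name"]: p for p in spec["params"]}
    unknown = sorted(set(given) - set(declared))
    if unknown:
        raise ValueError(f"unknown parameter(s) for {spec['name']}: {unknown}")
    placed = {"query": {}, "body": {}}
    missing = []
    for name, p in declared.items():
        if name in given:
            value = given[name]
        elif "default" in p:
            value = p["default"]
        elif p.get("required"):
            missing.append(name)
            continue
        else:
            continue
        placed.setdefault(p.get("location", "query"), {})[name] = value
    if missing:
        raise ValueError(f"missing required parameter(s): {missing}")
    return placed


def get_field(obj, path):
    """Dotted-path lookup; numeric segments index lists ('data.hits.0.id')."""
    cur = obj
    for seg in path.split("."):
        if isinstance(cur, list):
            cur = cur[int(seg)]
        elif isinstance(cur, dict):
            cur = cur[seg]
        else:
            raise KeyError(f"cannot descend into {type(cur).__name__} at {seg!r}")
    return cur


# Constructed spec and response, modeled on the market_snapshot example.
SNAPSHOT_SPEC = {
    "name": "market_snapshot",
    "httpUrl": "https://gw.datayes.com/mock/market/snapshot",
    "httpMethod": "GET",
    "params": [
        {"name": "ticker", "location": "query", "required": True},
        {"name": "type", "location": "query", "required": True, "default": "stock"},
        {"name": "fields", "location": "query", "required": False},
    ],
}
SAMPLE_RESULT = {"result": {"data": [{"ticker": "002594", "lastPrice": 289.5}]}}


def run_cli(args, spec=SNAPSHOT_SPEC):
    """Run the local stage for a list of 'key=value' args."""
    given = dict(parse_param(a) for a in args)
    return resolve_params(spec, given)


def rejects_locally(args, spec=SNAPSHOT_SPEC):
    """True if the local stage refuses the args before any request is built."""
    try:
        run_cli(args, spec)
    except ValueError:
        return True
    return False


if __name__ == "__main__":
    print(run_cli(["ticker=002594"]))
    print(get_field(SAMPLE_RESULT, "result.data.0.lastPrice"))
    print("old name rejected locally:", rejects_locally(["ticker=002594", "secID=1"]))
```

With the constructed spec, ticker=002594 alone resolves to query parameters {"ticker": "002594", "type": "stock"} because the required type has a default, while an unknown name such as secID or a missing ticker is refused before any URL or header is built.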

Output rules

  • Quote the raw values returned by the API; do not add unverified conclusions from experience.
  • If several endpoints may use different definitions, explain the difference first, then give the conclusion.
  • If the API returns an error or no data, first check key parameters such as the ticker, date range, type and reportType.
  • For more endpoint mappings and common parameters, read references/api-catalog.md

Files: 5 total