ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Eastmoney Stock.Bak

v1.0.0

查询东方财富股票数据,包括个股行情、涨跌幅、成交量等。用于回答股票相关问题。

0· 121·0 current·1 all-time
by@make453·fork of @dongchun2008/eastmoney-stock (1.0.0)

Install

OpenClaw Prompt Flow

Install with OpenClaw

Best for remote or guided setup. Copy the exact prompt, then paste it into OpenClaw for make453/eastmoney-stock-bak.

Previewing Install & Setup.
Prompt PreviewInstall & Setup
Install the skill "Eastmoney Stock.Bak" (make453/eastmoney-stock-bak) from ClawHub.
Skill page: https://clawhub.ai/make453/eastmoney-stock-bak
Keep the work scoped to this skill only.
After install, inspect the skill metadata and help me finish setup.
Use only the metadata you can verify from ClawHub; do not invent missing requirements.
Ask before making any broader environment changes.

Command Line

CLI Commands

Use the direct CLI path if you want to install manually and keep every step visible.

OpenClaw CLI

Bare skill slug

openclaw skills install eastmoney-stock-bak

ClawHub CLI

Package manager switcher

npx clawhub@latest install eastmoney-stock-bak
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Suspicious
medium confidence
Purpose & Capability
The name/description say this uses 東方財富 (Eastmoney) APIs, and some scripts (sector_rank.py, sector_rank, etc.) call Eastmoney endpoints, but multiple key scripts (scripts/stock.py, analyze_603588.py, test_600323.py, hot_sectors.py) actually call Sina's hq.sinajs.cn endpoints. Functionality (fetching stock quotes, sector ranks, simple analysis) is consistent with the description, but the mixed/unnamed data sources and small metadata mismatch (registry ownerId vs _meta.json ownerId) are unexpected and reduce transparency.
!
Instruction Scope
SKILL.md instructions are limited to querying stock info and are scoped appropriately. However, several code files have side effects: many modules call their main functions at module load (e.g., analyze_603588.py, hot_sectors.py, hot_sectors_today.py, sector_rank.py, test_600323.py). That means importing or executing the package may immediately perform outbound HTTP requests and print data. There are no instructions to read local files or access environment variables, and the code does not exfiltrate data to unexpected endpoints — only to public finance APIs (sina/eastmoney). Still, auto-running network calls on import is surprising and can be a risk in some integration contexts.
Install Mechanism
No installer is provided (instruction-only / code files only). No downloads from arbitrary URLs, no package installs declared. package.json lists no dependencies. This is low install risk.
Credentials
The skill requests no environment variables, no credentials, and no config paths. The external network calls are to public finance APIs (hq.sinajs.cn and push2.eastmoney.com) which fit the stated purpose. There are no hidden API keys or secret requirements.
Persistence & Privilege
Flags are normal: always:false and user-invocable:true. The skill does not request persistent system privileges or modify other skills' configs. Autonomous invocation is permitted by default but not combined with other high-risk items here.
What to consider before installing
This skill appears to implement stock and sector queries and uses public Sina / Eastmoney endpoints, but exercise caution: (1) The codebase mixes data sources (Sina and Eastmoney) which is not documented in SKILL.md — confirm which API you prefer. (2) Several Python files perform network requests when the module is loaded (they call their main functions at the bottom). If the platform imports these files, they may make outbound HTTP calls immediately; prefer a skill that exposes explicit entry points without side-effectful top-level code. (3) There is a mismatch in owner metadata between registry info and _meta.json — that could be innocent (copy/paste) but reduces provenance. Recommended actions before installing: review the code yourself or run it in a sandboxed environment, remove or refactor top-level execution if you plan to import the package, and confirm the author/source. If you need stronger guarantees, ask the publisher for a clear source repository and a versioned release signed/hosted on a trusted site.

Like a lobster shell, security has layers — review code before you run it.

latestvk970be26qp9752r6nsq1arybkn83bfn0
121downloads
0stars
1versions
Updated 1mo ago
v1.0.0
MIT-0
@make453
latest
Download

东方财富股票查询

使用东方财富API获取股票数据。

支持的查询类型

  • 个股行情:股票代码、现价、涨跌、成交量、成交额
  • 涨跌幅排行:当日涨跌幅排名
  • 自选股查询:用户关注的股票信息

使用方式

直接问我股票相关问题,例如:

  • "600519现在多少钱?"(查询茅台股价)
  • "今天涨幅最高的股票"
  • "帮我查一下腾讯的股票"
  • "A股今天怎么样?"

注意事项

  • 支持A股、港股、美股
  • 港股代码加.HK,美股代码加.N
  • 数据有几分钟延迟

Comments

Loading comments...