Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Finance Reporter Publish

v1.0.1

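Real-time financial data push tool. Uses the Yahoo Finance API to fetch real-time quotes for global stock markets, forex, commodities and cryptocurrencies, with scheduled push to DingTalk/WeChat. Includes ticker symbol, currency unit, real-time price, 24h-ago/previous-close price, and percentage change. Supported assets: Nasdaq, Dow Jones, US Dollar Index, gold, Bitcoin, SSE Composite, Hang Seng, Nikkei, CNY/USD exchange rate, crude oil.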


Install

OpenClaw Prompt Flow

Install with OpenClaw

Best for remote or guided setup. Copy the exact prompt, then paste it into OpenClaw for jfstylejf/finance-reporter-publish.

Install the skill "Finance Reporter Publish" (jfstylejf/finance-reporter-publish) from ClawHub.
Skill page: https://clawhub.ai/jfstylejf/finance-reporter-publish
Keep the work scoped to this skill only.
After install, inspect the skill metadata and help me finish setup.
Required binaries: python3, curl
Use only the metadata you can verify from ClawHub; do not invent missing requirements.
Ask before making any broader environment changes.

Command Line

CLI Commands

Use the direct CLI path if you want to install manually and keep every step visible.

OpenClaw CLI

openclaw skills install finance-reporter-publish

ClawHub CLI

npx clawhub@latest install finance-reporter-publish

Security Scan

VirusTotal: Benign
OpenClaw: Suspicious (high confidence)

[!] Purpose & Capability
The SKILL and README claim built-in '定时推送到钉钉/微信' (push to DingTalk/WeChat), but the included Python script only fetches data and prints a report — there is no code to post to DingTalk/WeChat or to any webhook. The skill declares required binary 'curl' though the script uses Python requests and never calls curl. package.json lists a Python requests dependency under an npm-style manifest which is incongruent with a Python-only tool. These mismatches suggest either missing integration code (relying on external agent plugins) or sloppy packaging.
Instruction Scope
Runtime instructions show running the Python script and scheduling it via openclaw cron; they do not instruct providing webhook URLs, tokens, or environment variables for DingTalk/WeChat. The instructions mention '钉钉插件已配置' (DingTalk plugin configured) and agent bindings, implying push may be handled outside the script by platform bindings. This is plausible but not documented in the skill itself, which is a gap users should be aware of.
Install Mechanism
This is an instruction-only skill with no download/install steps and a single small Python script. No remote installation or archive extraction is specified, so install risk is low. The only small oddity is an npm-style package.json that doesn't match the Python implementation but it does not introduce an install action.
[!] Credentials
The skill requests no environment variables, but claims push-to-messaging features that normally require webhook URLs or tokens. That absence is suspicious: either the platform is expected to supply bindings (not documented here), or the skill is incomplete. Also, requiring 'curl' in metadata is disproportionate because the script uses Python's requests and doesn't call curl.
Persistence & Privilege
The skill does not request always:true and does not declare any privileged config paths. It appears to be a normal user-invocable skill with standard autonomous invocation allowed by platform defaults.
What to consider before installing
What to check before installing or using this skill:
- Understand the missing push implementation: the provided script fetches and prints Yahoo Finance data but does not send messages to DingTalk/WeChat. If you need automatic pushing, ask the author or inspect your OpenClaw agent bindings to see how messages are expected to be delivered (webhook config or separate plugin).
- Do not assume secrets are handled: the skill declares no env vars for webhooks/tokens. If the platform will provide them via agent bindings, verify where those secrets are stored and who can read them. Never paste webhook tokens into an untrusted skill folder.
- The metadata asks for curl but the script uses Python requests — this is a harmless mismatch but indicates sloppy packaging. The package.json is npm-style and lists 'requests' (a Python package) which is inconsistent; ignore or review it manually.
- If you want to use pushes, either: (a) add explicit code to post to your DingTalk/WeChat webhook (and store the webhook in a secure env var or agent binding) and review that code, or (b) confirm the platform will handle pushes and inspect the platform-side binding/plugin code.
- As a precaution, run the script locally (not as an always-on privileged agent) to confirm output and network targets (it calls only query1.finance.yahoo.com). Review logs and network activity in a sandbox before enabling scheduled runs that might send data to external services.

What would raise confidence:
- Clear documentation or code showing how DingTalk/WeChat webhooks are provided (where tokens live and how they’re protected).
- Removal of the incorrect curl requirement and a corrected manifest (or explanation why package.json exists).
- If push functionality is required, seeing the explicit posting code in the skill (or verified secure platform bindings) so you can audit it.
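
The declared-versus-actual comparison described above can be reproduced statically before anything is run. This is an added example, not code from the skill or from ClawHub: `audit_skill`, `SAMPLE_SCRIPT` and the `SPAWNERS` list are assumptions, and the sample script is a constructed stand-in for finance_data.py, whose source is not shown on this page.

```python
import ast
import re
from urllib.parse import urlparse

# Constructed stand-in for a skill script (NOT the real finance_data.py).
SAMPLE_SCRIPT = '''
import time
import requests

URL = "https://query1.finance.yahoo.com/PLACEHOLDER/"

def fetch(code):
    for _ in range(3):  # retry three times, as the README describes
        try:
            return requests.get(URL + code, timeout=10).json()
        except requests.RequestException:
            time.sleep(1)
'''

INTERPRETERS = {"python", "python3"}         # run the script, never named inside it
SPAWNERS = {"subprocess", "pty", "pexpect"}  # modules that can launch other binaries


def audit_skill(source, declared_bins, allowed_hosts):
    """Compare what a skill declares with what its script statically references."""
    imports, hosts, words = set(), set(), set()
    for node in ast.walk(ast.parse(source)):
        if isinstance(node, ast.Import):
            imports.update(alias.name.split(".")[0] for alias in node.names)
        elif isinstance(node, ast.ImportFrom) and node.module:
            imports.add(node.module.split(".")[0])
        elif isinstance(node, ast.Constant) and isinstance(node.value, str):
            # Every string literal is searched for binary names and URLs.
            words.update(re.findall(r"[\w.-]+", node.value))
            for url in re.findall(r"https?://[^\s'\"]+", node.value):
                hosts.add(urlparse(url).hostname or "<unparsed>")

    findings = []
    for name in declared_bins:
        if name not in INTERPRETERS and name not in words:
            findings.append(f"declared binary never referenced: {name}")
    for host in sorted(hosts - set(allowed_hosts)):
        findings.append(f"undeclared network host: {host}")
    for mod in sorted(imports & SPAWNERS):
        findings.append(f"imports process-spawning module: {mod}")
    return {"imports": sorted(imports), "hosts": sorted(hosts), "findings": findings}


if __name__ == "__main__":
    print(audit_skill(SAMPLE_SCRIPT, ["python3", "curl"], {"query1.finance.yahoo.com"}))
```

The check is static and only sees string literals, so hosts or commands assembled at runtime still need the sandboxed run recommended above.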

Like a lobster shell, security has layers — review code before you run it.

Runtime requirements

📈 Clawdis
Bins: python3, curl
Latest: vk970vm66fa8jc4vkgb8xj82tgs83dx4c
Downloads: 112
Stars: 0
Versions: 1
Updated 1mo ago
v1.0.1
MIT-0

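Finance Reporter - Real-time Financial Data Push

📈 A professional tool for fetching and pushing financial data, with real-time quotes for the world's major financial markets.

✨ Features

  • Global coverage: US stocks, A-shares, Hong Kong stocks, Japanese stocks, forex, commodities, cryptocurrencies
  • Real-time data: Yahoo Finance API, accurate and timely data
  • Smart calculation: automatically computes the change; stocks show "昨收" (previous close), cryptocurrencies show "24h前" (24h ago)
  • Scheduled push: supports cron scheduled jobs, automatically pushes to DingTalk/WeChat
  • Retry mechanism: automatically retries 3 times on network failure
  • Currency units: automatically displays currency symbols such as USD/CNY/HKD/JPY
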
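📊 Supported assets

| Category | Asset | Symbol | Currency | Market type |
|---|---|---|---|---|
| 🇺🇸 US indices | Nasdaq | ^IXIC | USD | Stock |
| 🇺🇸 US indices | Dow Jones | ^DJI | USD | Stock |
| 💵 Forex | US Dollar Index | DX-Y.NYB | - | Forex |
| 💵 Forex | CNY/USD | CNY=X | - | Forex |
| 🪙 Cryptocurrency | Bitcoin | BTC-USD | USD | Crypto (24h) |
| 🏆 Commodities | Gold | GC=F | USD | Futures |
| 🏆 Commodities | Crude oil | CL=F | USD | Futures |
| 🇨🇳 A-shares | SSE Composite | 000001.SS | CNY | Stock |
| 🇭🇰 Hong Kong stocks | Hang Seng | ^HSI | HKD | Stock |
| 🇯🇵 Japanese stocks | Nikkei | ^N225 | JPY | Stock |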

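🚀 Quick Start

1. Fetch data manually

# Run the script to fetch real-time data
python3 ~/.openclaw/workspace/skills/finance-reporter/tools/finance_data.py

2. Call from a DingTalk group

In a DingTalk group, @-mention your bot (the message asks it to fetch real-time financial data):

@finance 获取实时财经数据

3. Configure a scheduled job

# Push automatically every day at 09:01
openclaw cron add \
  --name "finance_daily" \
  --schedule "01 9 * * *" \
  --command "python3 ~/.openclaw/workspace/skills/finance-reporter/tools/finance_data.py"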

📋 Sample output format

📊 实时财经数据 [2026-03-20 09:01]
💡 数据来源: Yahoo Finance API

🇺🇸 美股指数
----------------------------------------
📉 纳指
   代码: ^IXIC
   现价: $21,979.21
   昨收: $22,152.42
   涨跌: -173.21 (-0.78%)

📉 道指
   代码: ^DJI
   现价: $45,884.29
   昨收: $46,225.15
   涨跌: -340.86 (-0.74%)

🪙 加密货币
----------------------------------------
📉 比特币
   代码: BTC-USD
   现价: $69,296.45
   24h前: $71,245.58
   涨跌: -1,949.13 (-2.74%)

⚙️ Configuration

Requirements

  • Python 3.8+
  • requests library

Install dependencies

pip3 install requests

Custom symbols

Edit the SYMBOLS dictionary in tools/finance_data.py:

SYMBOLS = {
    "纳指": {"code": "^IXIC", "currency": "USD", "market": "stock"},
    "道指": {"code": "^DJI", "currency": "USD", "market": "stock"},
    # Add your own symbols...
    "特斯拉": {"code": "TSLA", "currency": "USD", "market": "stock"},
}

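Market types

  • stock: stocks/indices, shows "昨收" (previous close)
  • crypto: cryptocurrencies, shows "24h前" (24h ago)
  • commodity: commodities, shows "昨收" (previous close)
  • forex: foreign exchange, shows "昨收" (previous close)

📡 Data source

  • Primary: Yahoo Finance API (free, real-time)
  • Data updates: real-time
  • API limits: none, but please use it reasonably

🔧 Troubleshooting

Data fetch fails

  • Check the network connection
  • The script retries automatically 3 times
  • View the error logs: openclaw logs

DingTalk push fails

  • Confirm the DingTalk plugin is configured
  • Check that the group ID is correct
  • View the bindings: openclaw agents bindings

📝 Changelog

v1.0.0 (2026-03-20)

  • ✅ Supports 10 major assets
  • ✅ Smart change calculation
  • ✅ Scheduled push
  • ✅ DingTalk integration
  • ✅ Retry mechanism

🤝 Contributing

PRs and issues are welcome!

📄 License

MIT License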
