Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

股票全面分析 (Comprehensive Stock Analysis)

v2.1.0

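股票全面分析 (Comprehensive Stock Analysis) v2.1 - Hong Kong/US/A-share stocks + Futu data source + technical indicators + comprehensive report (7 sections)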

Install

OpenClaw Prompt Flow

Install with OpenClaw

Best for remote or guided setup. Copy the exact prompt, then paste it into OpenClaw for gaoren36-arch/gaoren-stock-advanced.

Install the skill "股票全面分析" (gaoren36-arch/gaoren-stock-advanced) from ClawHub.
Skill page: https://clawhub.ai/gaoren36-arch/gaoren-stock-advanced
Keep the work scoped to this skill only.
After install, inspect the skill metadata and help me finish setup.
Required binaries: python, curl
Use only the metadata you can verify from ClawHub; do not invent missing requirements.
Ask before making any broader environment changes.

Command Line

CLI Commands

Use the direct CLI path if you want to install manually and keep every step visible.

OpenClaw CLI

Bare skill slug

openclaw skills install gaoren-stock-advanced

ClawHub CLI

npx clawhub@latest install gaoren-stock-advanced

Security Scan

VirusTotal: Suspicious

OpenClaw: Suspicious (high confidence)

Purpose & Capability
Name/description (stock analysis for HK/US/A shares) matches the code and SKILL.md: scripts fetch quotes, compute indicators and summarize news. Required binaries (python, curl) are appropriate.
! Instruction Scope
SKILL.md emphasizes using Futu via browser and lists python/curl, but the shipped Python files perform many direct network requests (qt.gtimg.cn, finnhub.io, ai.6551.io, searchapi.eastmoney.com, api.longbridgeapp.com, hq.sinajs.cn). Several debug/test scripts and some modules perform network I/O at import/run time (e.g., company_info.py prints data immediately). The SKILL.md does not declare or document the embedded API token(s) or some of these third‑party endpoints; that grants the code broad network access beyond the simple browser link guidance.
Install Mechanism
No install spec is present (instruction-only plus code files). No external binaries or archive downloads are staged by an installer — lower install risk. However, the repository contains runnable Python scripts which will execute network calls when run.
! Credentials
Code contains a hard-coded Finnhub API key string ('d6nucg1r01qse5qn5e90d6nucg1r01qse5qn5e9g') appearing in multiple files, yet SKILL.md/requires.env declare no credentials. Some scripts also reference environment variables (FINNHUB_API_KEY, LONGBRIDGE_ACCESS_TOKEN) but these are not documented in the skill manifest. Hard-coded keys in distributed code are a secret-management and provenance concern: you may be using someone else's key (rate limits, billing, or revoked keys), and it reveals a credential in plain text inside the package.
Persistence & Privilege
Skill is not always:true, is user-invocable, and does not request persistent system privileges or edit other skills. There is no evidence it modifies system-wide configs; privilege level is typical for a user-run script.
What to consider before installing
Key issues to consider before installing or running this skill:

  • Hard-coded API key: Multiple source files include a plain-text Finnhub API key. This is undocumented in the manifest and could be someone else's key. Do NOT assume it's safe or private — ask the author to remove it and require users to provide their own FINNHUB_API_KEY via environment variables.
  • Undeclared environment variables: Some scripts read FINNHUB_API_KEY and test_longbridge.py reads LONGBRIDGE_ACCESS_TOKEN. The skill's requires.env lists none. Confirm which API tokens you must supply and prefer env vars over embedded keys.
  • Network calls to third parties: The code queries endpoints beyond well-known providers (e.g., ai.6551.io for news). Verify these endpoints' trustworthiness and privacy policy before running as they will see your requests and any tokens you supply.
  • Runnable test/debug scripts: Several debug/test files (company_info.py, test_*.py, debug_*.py) perform network I/O on import/run and print data. Only run the specific main script you trust (e.g., analyze_stock.py) and review other scripts first.
  • Secret hygiene & provenance: Ask the author for provenance of the included API key and for an explanation why it was embedded. If you must run the skill, do so in a sandboxed environment and rotate any keys you use. Prefer to set FINNHUB_API_KEY in your environment rather than relying on the package's hard-coded token.
  • Minimal steps to reduce risk: (1) Inspect and remove/replace hard-coded keys in the code; (2) run only the intended script(s) in a network‑restricted sandbox until you confirm endpoints; (3) request the author to document required env vars and endpoints in SKILL.md; (4) verify third-party endpoints (ai.6551.io, qt.gtimg.cn, futunn.com, finnhub.io, eastmoney) are acceptable for your data/usage policy.

If you want, I can point to the exact files/lines that contain the hard-coded key and list all external URLs the package contacts so you can review them more easily.

Like a lobster shell, security has layers — review code before you run it.

Runtime requirements

Bins: python, curl
latest: vk97bwqfr2gbrev4kfs26yga79x836dxm
246 downloads
0 stars
1 version
Updated 7h ago
v2.1.0
MIT-0

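Stock Analyst - Intelligent Stock Analysis System v2.1

Introduction

An intelligent stock analysis assistant that supports real-time quotes for Hong Kong, US, and A-share stocks. It uses Futu as its primary data source to ensure accurate and reliable data.

Data sources

Hong Kong stock data (recommended)

US stock data

  • Data source: Finnhub API
  • Fallback: Futubull (富途牛牛)

A-share data

  • Data source: Tencent Finance API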

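Features

1. Real-time quotes (verified against Futu)

  • Current price, percentage change
  • Total market capitalization, price-to-earnings (P/E) ratio
  • 52-week high and low
  • Capital flow

2. Technical indicators

  • RSI(14), MACD
  • Moving averages (MA5/10/20)
  • Support and resistance levels

3. Analyst ratings

  • Strong buy / buy / hold / sell ratios
  • Target price (high / average / low)
  • Upside calculation

4. Comprehensive report (7 sections)

  1. Basic information
  2. Real-time quotes
  3. Technical indicators
  4. Peer company comparison
  5. Industry background
  6. Overall assessment
  7. Trading recommendations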

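Supported stock codes

Hong Kong stocks (5-digit codes)

Stock | Code
Bosideng | 03998
Ping An Good Doctor | 01833
ZhongAn Online | 06060
JD Logistics | 02618
Tencent | 00700
Alibaba | 09988
Meituan | 03690

US stocks (alphabetic ticker symbols)

Stock | Code
JD.com | JD
Alibaba | BABA
Tesla | TSLA
Apple | AAPL
NVIDIA | NVDA

A-shares (6-digit codes)

Stock | Code
PetroChina | 601857
Kweichow Moutai | 600519
CATL | 300750
BYD | 002594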

Usage

Analyze Hong Kong stocks directly in conversation

分析 03998 波司登
查一下01833
分析港股 00700

Command line

python analyze_stock.py 03998

Sample response

=================================================================
  波司登 (03998.HK) 全面分析报告
=================================================================

【基本信息】
  股票名称: 波司登国际控股有限公司
  股票代码: 03998.HK
  行业: 服装/羽绒服

【实时行情】
  当前价格:  HK$4.13
  涨跌额:    +HK$0.04 (+0.98%)
  总市值:    HK$482.53亿
  市盈率TTM: 12.33

【技术指标】
  日涨跌幅: +0.98% (小幅上涨)
  距目标价: +39% (HK$5.74)

【同类公司对比】
  (服装板块对比数据)

【行业背景】
  羽绒服高端化趋势
  国产品牌崛起

【综合判断】
  分析师: 强力推荐 91.43%
  评分: 70/100

【操作建议】
  评级: 建议买入
  目标价: HK$5.74
  止损: HK$3.80

=================================================================

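Version history

  • v2.1.0: Added the Futu data source; Hong Kong stock data is accurate and reliable
  • v2.0.0: Integrated technical indicators and news analysis
  • v1.0.0: Initial version with support for Hong Kong/US stock quote lookups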
