Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Hong Kong Stock Market HKEX

v1.0.0

Get HKEX (Hong Kong Stock Exchange) market data via FinanceAgent on OneKey Gateway.


Install

OpenClaw Prompt Flow

Install with OpenClaw

Best for remote or guided setup. Copy the exact prompt, then paste it into OpenClaw for ai-hub-admin/hk-stock-market-hkex.

Install the skill "Hong Kong Stock Market HKEX" (ai-hub-admin/hk-stock-market-hkex) from ClawHub.
Skill page: https://clawhub.ai/ai-hub-admin/hk-stock-market-hkex
Keep the work scoped to this skill only.
After install, inspect the skill metadata and help me finish setup.
Use only the metadata you can verify from ClawHub; do not invent missing requirements.
Ask before making any broader environment changes.

Command Line

CLI Commands

Use the direct CLI path if you want to install manually and keep every step visible.

OpenClaw CLI

Bare skill slug

openclaw skills install hk-stock-market-hkex

ClawHub CLI


npx clawhub@latest install hk-stock-market-hkex

Security Scan

VirusTotal: Benign
OpenClaw: Suspicious (medium confidence)

Purpose & Capability
The skill's stated purpose (fetch HKEX data via the OneKey FinanceAgent) aligns with the runtime instructions: it requires a OneKey gateway API key and uses an aiagenta2z/financeagent API. That environment variable and the provided API endpoint are coherent with the described functionality.
Instruction Scope
SKILL.md only instructs exporting a single gateway API key, installing/using an npm package, and calling the OneKey agent endpoint (or using the provided curl). It does not instruct reading unrelated files, broad system probes, or exfiltrating data to unexpected endpoints; the external endpoint referenced (https://agent.deepnlp.org/agent_router) is consistent with the OneKey gateway usage.
Install Mechanism
The skill recommends installing an npm package (@aiagenta2z/onekey-gateway) globally. npm packages are a moderate risk because they execute code from a registry; the package name looks consistent with the agent referenced, but the registry metadata previously supplied to the catalog claimed 'No install spec'. That metadata mismatch and the fact the package will run code on the host warrant review of the npm package source before installation.
Credentials
The SKILL.md requires a single env var (DEEPNLP_ONEKEY_ROUTER_ACCESS), which is appropriate for a gateway API. However, the skill registry metadata at the top of the submission listed 'Required env vars: none' and 'No install spec', which contradicts SKILL.md. This discrepancy (manifest claims no credentials but SKILL.md requires a gateway key) reduces confidence and should be resolved before use.
Persistence & Privilege
The skill does not request always:true, does not ask to modify other skills or system-wide settings, and is user-invocable. Autonomous invocation is allowed by default but is not an additional red flag here.
What to consider before installing
This skill appears to do what it claims — call a OneKey FinanceAgent to get HKEX data — but two things deserve caution: (1) SKILL.md requires DEEPNLP_ONEKEY_ROUTER_ACCESS and an npm package (@aiagenta2z/onekey-gateway), but the registry metadata incorrectly claimed no env vars or install steps; confirm which is authoritative before installing. (2) The npm package will run code on your machine; inspect the package source (or prefer calling the gateway via curl) and limit the scope of the OneKey API key (use least privilege / short-lived token if possible). If you don't trust the npm package or cannot verify it, use the curl example against the listed endpoint instead and keep the gateway key secret.
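
The manifest-versus-SKILL.md mismatch described above can be checked mechanically. The following is an added example, not ClawHub's scanner and not part of the skill: it extracts the environment variables, npm packages and hosts that the skill's shell lines rely on and reports any the manifest does not declare. The manifest shape (DECLARED and its three keys) is an assumption, and it goes slightly beyond the scan by also listing contacted hosts.

```python
import re

# Constructed sample: the shell lines SKILL.md shows on this page.
SKILL_MD = """
export DEEPNLP_ONEKEY_ROUTER_ACCESS=your_access_key
npm install @aiagenta2z/onekey-gateway
npx onekey agent aiagenta2z/financeagent get_hk_stock_market_hkex '{"symbol_list": ["700", "1024"]}'
curl -v -X POST "https://agent.deepnlp.org/agent_router"
  -H "X-OneKey: $DEEPNLP_ONEKEY_ROUTER_ACCESS"
"""

# Hypothetical manifest shape (assumption). The values mirror what the scan
# reports: the registry declared no env vars and no install spec.
DECLARED = {"required_env": [], "install": [], "endpoints": []}

PATTERNS = {
    # export VAR=..., $VAR or ${VAR}
    "required_env": re.compile(r"(?:\bexport\s+|\$\{?)([A-Z][A-Z0-9_]{2,})"),
    # npm install [-g|--global] <package>
    "install": re.compile(
        r"\bnpm\s+(?:install|i)\s+(?:(?:-g|--global)\s+)?(@?[\w./-]+)"),
    # host part of any http(s) URL the instructions contact
    "endpoints": re.compile(r"https?://([A-Za-z0-9.-]+)"),
}


def referenced(skill_md):
    """Collect what the instructions actually use, per category."""
    return {k: sorted(set(p.findall(skill_md))) for k, p in PATTERNS.items()}


def undeclared(skill_md, declared):
    """Return items SKILL.md relies on that the manifest does not declare."""
    gaps = {}
    for key, found in referenced(skill_md).items():
        missing = [item for item in found if item not in declared.get(key, [])]
        if missing:
            gaps[key] = missing
    return gaps


if __name__ == "__main__":
    for key, items in undeclared(SKILL_MD, DECLARED).items():
        print(f"undeclared {key}: {', '.join(items)}")
```

An empty result means the declared metadata covers everything the instructions use; any entry is a reason to resolve the discrepancy before installing.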

Like a lobster shell, security has layers — review code before you run it.

v1.0.0 (latest)
120 downloads
0 stars
1 version
Updated 4w ago
MIT-0

OneKey Gateway

Use one access key to connect to various commercial APIs via the DeepNLP OneKey Agent Router.

Quick Start

Set your OneKey Access Key

export DEEPNLP_ONEKEY_ROUTER_ACCESS=your_access_key

Common settings:

  • unique_id: aiagenta2z/financeagent
  • api_id: get_hk_stock_market_hkex

Tool

get_hk_stock_market_hkex

Get HKEX (Hong Kong Stock Exchange) stock market data.

Parameters:

  • symbol_list (array of string, required): Stock symbols to query.
    • For HKEX, this is typically the numeric stock code as a string (to preserve leading zeros if present), e.g. "700", "1024".
    • Example: ["700", "1024"]

Response (JSON):

  • success (boolean): Whether the request succeeded.
  • data (array): List of stock quote objects (fields depend on the upstream data source).
  • message (string, optional): Error message when success=false.

Usage

CLI Usage

## install onekey agent gateway
npm install @aiagenta2z/onekey-gateway

## CLI to Call API and Symbol List
npx onekey agent aiagenta2z/financeagent get_hk_stock_market_hkex '{"symbol_list": ["700", "1024"]}'

HTTP (curl) Usage

export DEEPNLP_ONEKEY_ROUTER_ACCESS=your_access_key

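## -v echoes the request headers, including the X-OneKey value, to stderr;
## drop -v wherever the output is logged or shared.
curl -v -X POST "https://agent.deepnlp.org/agent_router" \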
  -H "Content-Type: application/json" \
  -H "X-OneKey: $DEEPNLP_ONEKEY_ROUTER_ACCESS" \
  -d '{
    "unique_id": "aiagenta2z/financeagent",
    "api_id": "get_hk_stock_market_hkex",
    "data": {
      "symbol_list": ["700", "1024"]
    }
  }'
