iFinD投研-自然语言查询金融数据
v1.0.1使用自然语言查询金融数据,支持A股股票、基金、期货等上市品种,覆盖基本资料、财务数据、日频行情信息、持仓信息及各类分析指标等数据。也支持宏观经济数据,包括世界经济数据、全球经济数据、中国经济数据、区域经济数据、行业经济数据、利率走势数据、商品数据和特色数据等。当需要查询上述金融相关数据查询时使用此 skill。
⭐ 1· 289·0 current·0 all-time
bywenzi@wenzisay
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
medium confidencePurpose & Capability
Name/description, SKILL.md instructions and the included Python script all focus on making HTTP requests to a repilot.51ifind.com API to retrieve financial data. Required binary (python3) and the local config file path (~/.config/ifind-repilot/config.json) are consistent with the stated purpose. The lack of a published homepage or external source URL is noted but does not contradict the declared function.
Instruction Scope
SKILL.md instructs the agent to generate a natural-language query and call the included script; it does not direct the agent to read unrelated files, environment variables, or system-wide configs. Error handling and retry guidance are constrained to the API errors described. The skill does allow configuration via CLI (--set-token, --set-url), which is expected for a networked API client.
Install Mechanism
This is an instruction-only skill with a small included Python script and no install spec; no packages are downloaded or extracted during install. The lack of an installer minimizes install-time risk.
Credentials
No environment variables or unrelated credentials are requested. The skill requires a service auth token (stored in ~/.config/ifind-repilot/config.json) — this is proportional to calling a remote API. Notes: the token is stored plaintext in a user config file and the script sends it in an Authorization header (no 'Bearer' prefix). The script also supports --set-url to change the base URL; if mis-set to an attacker-controlled host, the token and queries could be sent elsewhere (changing the URL requires explicit user action).
Persistence & Privilege
The skill does not request always: true and does not modify other skills or system-wide settings. It writes its own config file under the user's home config directory (~/.config/ifind-repilot), which is normal for a CLI client and within expected scope.
Assessment
The skill appears to do what it says: it runs a small Python client that queries repilot.51ifind.com and stores an auth token in ~/.config/ifind-repilot/config.json. Before installing or using it: 1) Verify you trust repilot.51ifind.com and the token-provision process (the SKILL.md references repilot.51ifind.com but there is no homepage listed for the skill). 2) Do not paste sensitive credentials you reuse elsewhere — the token is stored plaintext locally. 3) Do not run --set-url unless you trust the destination (an attacker-controlled URL could receive your token and queries). 4) Inspect the included scripts (you already have fetch_data.py) and review file permissions on the config file (restrict to your user). 5) If you need higher assurance, request a published source/homepage or vendor verification; otherwise limit usage to non-sensitive tokens and monitor network activity when first using the skill.Like a lobster shell, security has layers — review code before you run it.
latestvk97bhn0f15v69k1b5ybk2yerrh83nws6
License
MIT-0
Free to use, modify, and redistribute. No attribution required.
Runtime requirements
🔍︎ Clawdis
Binspython3