ClawHub

prana-stock-scoring-analysis-v2

v1.0.13

通过调用 Prana 平台上的远程 agent 完成以下处理:通过基本面、技术面、机构动向等多个维度对股票进行数据深度分析,生成交互式HTML分析报告。帮助投资者多方面了解股票的各项指标和数据。 IMPORTANT: This skill has a mandatory step-by-step process....

0· 187·1 current·1 all-time
by@gocybertrade
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
Capability signals
CryptoCan make purchases
These labels describe what authority the skill may exercise. They are separate from suspicious or malicious moderation verdicts.
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
medium confidence
Purpose & Capability
Name/description state a remote Prana agent for multi‑dimensional stock analysis; the included scripts only call the documented Prana/Claw endpoints and require one api key (PRANA_SKILL_API_FLAG). The requested artifact (an API key used as x-api-key) is proportionate to the described purpose.
Instruction Scope
SKILL.md prescribes a tight, stepwise flow: check env var, optionally call GET /api/v2/api-keys (with explicit user confirmation), then run the bundled client which posts to /api/claw/agent-run and polls /api/claw/agent-result. The instructions do not ask the agent to read unrelated files or other credentials. They explicitly forbid silent key-fetching and encourage user consent.
Install Mechanism
No install spec or third‑party downloads; this is instruction‑plus helper scripts only. The included JS/Python clients are small, transparent, and operate only over the network to the declared base URL.
Credentials
Only one environment variable (PRANA_SKILL_API_FLAG) is required and is used solely as x-api-key for the service — appropriate for an API client. Note: the endpoints point to https://claw-uat.ebonex.io (a UAT hostname) and the package has no homepage or verifiable publisher; confirm you trust that host before setting a long‑lived global env var.
Persistence & Privilege
Skill does not request permanent platform privileges (always:false). It does suggest writing the key as a global env var as an option, but this is a user choice; the skill itself will not force persistent installation or alter other skills.
Assessment
This skill appears to do what it claims: call a remote agent using an API key and return analysis results. Before installing or setting PRANA_SKILL_API_FLAG, confirm the endpoint (https://claw-uat.ebonex.io) and the publisher are trustworthy. Prefer using a temporary/session environment variable if you don't want a long‑lived key in global config. Do not paste the full API key into chat; follow the SKILL.md confirmation flow exactly. If you need higher assurance, ask the publisher for a production endpoint, a homepage or repo, and a verifiable publisher identity before storing the key globally.
scripts/prana_skill_client.js:140
Environment variable access combined with network send.
Confirmed safe by external scanners
Static analysis detected API credential-access patterns, but both VirusTotal and OpenClaw confirmed this skill is safe. These patterns are common in legitimate API integration skills.

Like a lobster shell, security has layers — review code before you run it.

latestvk975j4czag1bx24242sztar9hd84ed81

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments