Stock Monitor Skill 0.1.0
v1.0.0全功能智能股票监控预警系统。支持成本百分比、均线金叉死叉、RSI超买超卖、成交量异动、跳空缺口、动态止盈等7大预警规则。符合中国投资者习惯(红涨绿跌)。
⭐ 1· 718·13 current·14 all-time
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
medium confidencePurpose & Capability
Name/description (stock monitoring, seven rules) align with the included Python scripts: monitor.py, analyser.py, monitor_daemon.py implement data fetching, indicators, and alerts. No unrelated binaries or credentials are requested.
Instruction Scope
SKILL.md and README instruct running scripts/control.sh to start a background daemon and editing a config, which matches the code. Minor issues: README and SKILL.md reference copying/editing config.example.py and RULE_REVIEW_REPORT.md, but no config.example.py or RULE_REVIEW_REPORT.md appears in the manifest; notification delivery is mentioned generically ("message tool") but no concrete notifier or destination is provided. Test code also inserts an absolute user path (/home/wesley/...) which is environment-specific and likely stale.
Install Mechanism
No install spec (instruction-only style) and no downloaded archives or external installers. Scripts run with system python and standard requests usage; risk is limited to running the included code locally.
Credentials
No required environment variables, no declared credentials, and the code only calls public finance/news HTTP APIs (eastmoney, sina, etc.). No evidence of requests for unrelated secrets or config paths.
Persistence & Privilege
The control script launches a long‑running background daemon and creates $HOME/.stock_monitor logs and a PID file — expected for a monitor but worth noting because it runs continuously and writes to the user's home. always:false and no cross-skill config modification are present.
Assessment
This skill appears to be a legitimate stock-monitoring daemon that fetches public market/news data and sends alerts. Before installing or running it: 1) Inspect the code and confirm you’re comfortable running a background process that writes to $HOME/.stock_monitor and creates a PID file. 2) Note README/SKILL.md mention config.example.py and a RULE_REVIEW_REPORT.md that are not present — create or review a config file (and remove any hardcoded personal paths) before starting. 3) Search the code for any notification/send functions to see where alerts would be delivered (no notifier endpoint is clearly configured). 4) Run the test suite and code in an isolated environment or container first (the test suite contains an absolute path to /home/wesley that you should remove). 5) If you need network isolation, audit which external domains (eastmoney, sina, push2.eastmoney, etc.) the scripts contact and consider firewall or proxy rules. If you want, I can point to the exact lines that reference missing files, the hardcoded path in tests, and the notification placeholder so you can edit them prior to running.Like a lobster shell, security has layers — review code before you run it.
latestvk97fz7h1n0f5f7z0whe9pf4ns981w9n7
License
MIT-0
Free to use, modify, and redistribute. No attribution required.