ClawHub

悟道 · A股涨停板

v1.0.1

悟道 · A股涨停板:涨停梯队、连板、炸板池、跌停池、冲刺涨停、涨跌停统计、最强风口、封板事件流、涨停筛选、涨停溢价。Use when: user asks about A股, 涨停, limit-up boards, limit-up ladder, broken limit-up, limit-down st...

0· 89·0 current·0 all-time
bywudao@jcdreamjc
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description = limit-up board data for A-shares. The declared environment variables (LB_API_KEY, LB_API_BASE) map directly to the documented HTTP API endpoints (stock.quicktiny.cn). No unrelated binaries, credentials, or file paths are requested.
Instruction Scope
SKILL.md contains concrete CURL examples and endpoint descriptions limited to the stated domain and data types. Instructions only direct the agent to use the listed endpoints and to prompt the user to configure the required env vars if missing. The doc does not instruct the agent to read unrelated local files, other env vars, or to exfiltrate data to unknown endpoints.
Install Mechanism
Instruction-only skill with no install spec and no code files — nothing is written to disk or downloaded. This is the lowest-risk install pattern.
Credentials
The skill requires only an API key and a base URL (LB_API_KEY, LB_API_BASE), which are proportionate to a third-party REST API integration. Note: LB_API_BASE is configurable — if a user points it to an attacker-controlled URL it could be used to redirect requests or exfiltrate data. Only set LB_API_BASE to the official provider URL and avoid reusing sensitive credentials across services.
Persistence & Privilege
always is false and the skill is user-invocable; it does not request permanent or platform-wide privileges. Autonomous invocation is allowed (platform default) but not combined with other red flags.
Assessment
This skill is coherent: it simply documents how to call a third-party A-share limit-up data API and needs an API key and base URL. Before installing: 1) confirm you trust the provider (https://stock.quicktiny.cn) and its terms; 2) set LB_API_BASE only to the official API URL (the SKILL.md suggests https://stock.quicktiny.cn/api/openclaw) to avoid redirecting requests to an attacker-controlled endpoint; 3) store LB_API_KEY securely (use an ephemeral or low‑privilege key if available), do not paste secrets into chat history, and rotate the key if you stop using the skill; 4) if you want to limit risk further, restrict the agent's ability to run network calls or require manual invocation rather than autonomous runs.

Like a lobster shell, security has layers — review code before you run it.

latestvk9738bb5205wmzh271d5j6tsqd83hneb

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

🔥 Clawdis
EnvLB_API_KEY, LB_API_BASE

Comments