ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

A Share Guard

v1.1.0

A-Share Guard - 拒绝噪音,穿透迷雾。基于 OpenClaw 3.28 的金融专家级个股风险诊断系统。

0· 26·0 current·0 all-time
by@mx6315909
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Suspicious
medium confidence
Purpose & Capability
The name/description, metadata (web_search, web_fetch, exec) and the included scripts (scanner.py, sentiment.py, f10_scraper.py, consensus.py) are consistent with a financial risk scanner. However SKILL.md and README reference an ashare_audit.py/ashare_audit script that is not present in the file manifest — this mismatch is unexplained and reduces coherence.
!
Instruction Scope
Runtime instructions require web_search/web_fetch and exec; the provided scripts perform HTTP calls to third‑party APIs (eastmoney, push2, Tencent API) and rely on a browserless CDP service. The instructions and code do not ask to read arbitrary local files or environment variables, but they do instruct execution of bundled Python scripts (arbitrary code execution) and expect network access. The missing ashare_audit reference means the SKILL.md's exact runtime command list may be out of sync with the shipped code.
Install Mechanism
There is no install spec (instruction-only), so nothing is downloaded during install. However, the skill includes four Python scripts which the agent is expected to exec; those scripts will run when invoked. Lack of an install step reduces installer-level risk, but the presence of executable code in the bundle means runtime execution can perform network I/O and arbitrary computation.
!
Credentials
The skill declares no required env vars or credentials, which is proportionate for a read-only data scanner. But it hard-codes a browserless CDP URL pointing to http://192.168.3.120:3000 in references/config-template.json and f10_scraper.py (BROWSERLESS_URL). That embeds a local/internal endpoint assumption; if the runtime exposes internal network to the skill, it could be used to contact internal resources. No secrets are requested, however network access to internal addresses is a notable risk.
Persistence & Privilege
The skill does not request always:true and is user-invocable only. It does not declare any operations that modify other skills or system-wide settings. Autonomous invocation (default) is allowed but not combined with other high privileges.
What to consider before installing
This skill appears to be a coherent A‑share risk scanner, but exercise caution: (1) SKILL.md references ashare_audit.py which is not present — ask the author or check for a missing script before running. (2) The code makes network calls to third‑party APIs (eastmoney/push2/Tencent) and expects a browserless CDP at 192.168.3.120:3000 — confirm that endpoint is trustworthy and that you are comfortable allowing the skill to access your network. (3) The bundle contains Python scripts that will be executed by the agent (arbitrary code execution); review those scripts yourself or run them in an isolated environment if you can. (4) If you run this in an environment with access to internal services or sensitive systems, consider restricting network access or running in a sandbox. If you need higher assurance, request a corrected release that removes the ashare_audit mismatch and documents the browserless dependency (or points to an official hosted service).
!
references/config-template.json:39
Install source points to URL shortener or raw IP.
About static analysis
These patterns were detected by automated regex scanning. They may be normal for skills that integrate with external APIs. Check the VirusTotal and OpenClaw results above for context-aware analysis.

Like a lobster shell, security has layers — review code before you run it.

latestvk973tyt5rwwznrj2ep4rhpa0x583y6q6

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

🛡️ Clawdis

SKILL.md

🛡️ A股避雷针 (xiaodi A-Share Guard) v1.1.0

拒绝噪音,穿透迷雾。基于 OpenClaw 3.28 的金融专家级个股风险诊断系统。

🚀 核心价值:为什么你需要它?

普通的 AI 只会复读研报的"唱多"辞令,而 A-Share Guard 采用"冷热数据对冲"逻辑:

数据类型来源作用
冷数据 (Hard Data)ashare_audit.py 穿透财报商誉占比、质押率等红线监测
热数据 (Hot Info)实时联网抓取股东减持、监管函、舆情负面
共识裁决 (Consensus)三方 Agent 闭门会审硬指标踩红线 → 一票否决

🛠️ 三层架构 (Three-Layer Defense)

┌─────────────────────────────────────────┐
│         🛡️ 避雷针共识裁决系统            │
│      冷热对冲,一票否决机制              │
└──────────────┬──────────────────────────┘
               │
   ┌───────────┼───────────┬───────────┐
   ▼           ▼           ▼           
┌────────┐ ┌────────┐ ┌────────┐
│ 📊 第一层│ │ 📰 第二层│ │ ⚖️ 第三层│
│量化审计 │ │舆情穿透 │ │决策判官 │
│Quant   │ │Sentiment│ │Consensus│
└────────┘ └────────┘ └────────┘
     │           │           │
     ▼           ▼           ▼
  冷数据扫描    热数据监控    共识裁决
  (Python)     (Web搜索)    (逻辑判官)
角色任务核心工具输出
📊 量化审计员60天K线/RSI/MA/财务红线扫描exec ashare_audit.py风险评分 + 红旗清单
📰 舆情分析师近7天减持/监管函/负面舆情web_search利空词频 + 情绪偏差
⚖️ 首席风控官判定"估值与基本面"背离Consensus Logic最终信号 + 避雷建议

📦 一键安装 (Install)

npx clawhub install xiaodi-a-share-guard

⌨️ 快速开始

Slash Command(精确触发)

/guard 002460   # 赣锋锂业
/guard sz002460 # 深市代码
/guard 600519   # 贵州茅台

口语化触发(自然对话)

"扫描赣锋锂业的风险"
"002460 有雷吗?"
"帮我避雷比亚迪"
"茅台财务有什么问题?"

两种方式效果相同:

  • /guard → Gateway 直接触发技能
  • 口语化 → Agent 理解意图 → 执行三层会审

📊 专业级输出报告

信号表情化标准

信号表情含义
SAFE🟢评级稳健:按需布局
WARNING🟡谨慎持有:观察背离
RISK红线触发:建议减仓
CRITICAL🔴高度预警:立即规避

输出模板示例

# 🛡️ A股避雷针 · 个股深度诊断报告

**标的:** 赣锋锂业 (002460) | **诊断时间:** 2026-03-31 22:49

---

### 🚨 风控官核心裁决:【🟢 SAFE】

> **核心理由:** PE估值偏高但无财务红线,舆情平稳,可按需布局。

---

### 📉 第一层:量化审计 (Quantitative Audit)

* **财务红线:** ✅ SAFE (商誉: N/A | 质押: N/A)
* **估值水平:** PE-TTM 101.89 (偏高) | PB 3.64 (正常)
* **技术形态:** RSI 64.98 (偏强) | MA20 支撑: 75.50
* **评分:**

基本面: [#########.] 85/100 技术面: [#######...] 70/100


---

### 📰 第二层:舆情穿透 (Sentiment Analysis)

* **关键动态:** 副总裁减持≤4万股(还股权激励贷款)
* **风险隐患:** 无重大利空
* **研报对齐:** ✅ 情绪与数值一致

---

### ⚖️ 第三层:决策判官 (Consensus Logic)

🟢 研报情绪:平稳 (无重大负面) VS 🟢 量化指标:SAFE (无红线触发)

判官结论:无背离 → 稳健信号


---

### 💡 风控官建议 (Advisory)

* **操作指引:** 🟢 按需布局,关注估值回归风险
* **技术防线:** 若有效跌破 **75.50 (MA20)** 位点,考虑减仓
* **关键雷点:** PE-TTM 偏高(估值回归风险)

---

*声明:本报告由 OpenClaw 专家组自动生成,不构成投资建议。*

🎯 背离检测逻辑 (The Disconnect)

核心卖点:当研报情绪与量化指标冲突时,触发"背离预警":

⚖️ 决策判官:逻辑背离确认

🟢 研报:乐观 (80% 买入评级)
   VS  
🔴 量化:恶化 (现金流连续负值 -2.3亿)

判官结论:机构在掩护出货 → 🔴 强烈避雷

背离触发条件

  • 研报评分 < 30 (利好) + 量化评分 ≥ 50 (高危) → CRITICAL_RISK
  • 研报评分 < 50 + 量化评分 ≥ 70 → WARNING

📋 Slash Commands

命令功能说明
/guard [代码]一键扫描三层会审输出报告
/guard-watch [代码]添加监控每日自动扫描
/guard-list查看列表显示监控股票清单

📊 数据源配置

数据类型数据源状态
行情数据东方财富 API✅ 可用
K线数据东方财富 API✅ 可用
研报/新闻web_search✅ 可用
商誉/质押东方财富 F10⚠️ 待 browserless
现金流东方财富 F10⚠️ 待 browserless

🛠️ 技术架构

核心脚本

scripts/
├── ashare_audit.py    # 量化审计脚本(返回 JSON)
├── f10_scraper.py     # F10 数据抓取(browserless CDP)
└── consensus.py       # 共聚判官逻辑

输出数据结构

{
  "signal": "SAFE|WARNING|RISK|CRITICAL",
  "score": {"base": 85, "tech": 70},
  "risk": {"goodwill": null, "pledge": null, "cashflow": []},
  "red_flags": ["PE-TTM偏高"],
  "sentiment": {"score": 20, "bias": "neutral"},
  "consensus": {"disconnect": false}
}

⚠️ 免责声明

本技能提供的风险分析仅供参考,不构成投资建议。投资有风险,入市需谨慎。

三层专家共识流:量化审计员 📊 | 舆情分析师 📰 | 首席风控官 ⚖️

版本: 1.1.0 | 作者: xiaodi | 主页: https://clawhub.ai/skills/xiaodi-a-share-guard

Files

9 total
Select a file
Select a file to preview.

Comments

Loading comments…