tushare-finance
PassAudited by ClawScan on May 1, 2026.
Overview
This appears to be a coherent Tushare market-data helper, but it needs a Tushare API token and local Python package setup that users should manage carefully.
Before installing, expect this skill to use your Tushare token and local Python environment to fetch financial market data. Use a virtual environment, protect the token, and avoid running README commands for helper scripts unless those files are actually included and reviewed.
Findings (4)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
The skill can use your Tushare account token to request data, and a saved token may remain available to future local processes.
The skill uses a Tushare API token and suggests storing it persistently in a shell profile; this is expected for the service, but it exposes the user's API account/quota if mishandled.
echo 'export TUSHARE_TOKEN="your_token_here"' >> ~/.bashrc
Use a dedicated token if possible, avoid pasting it into chat or logs, keep shell/config files private, and revoke or rotate the token if it is exposed.
When used, the agent may run Python locally to fetch and process financial data.
The skill is allowed to run local Python commands and read files; that is proportionate for a Python-based data API helper, but it is still local execution authority.
allowed-tools:\n - Bash(python:*)\n - Read
Keep usage limited to requested Tushare queries and review any proposed Python command before it runs, especially if it writes files or accesses credentials.
Installing dependencies can add or update code in the user's Python environment.
The setup guidance installs third-party Python packages without pinned exact versions; this is normal for a Tushare integration but depends on external package provenance.
pip install tushare pandas
Install in a virtual environment, use trusted package indexes, and pin or review package versions for reproducible setups.
Some documented commands may fail or may tempt users to fetch additional unreviewed files from elsewhere.
The README documents helper scripts such as quick_query.py and batch_export.py, but the provided manifest only shows scripts/api_client.py under scripts, indicating a packaging/documentation mismatch.
python scripts/quick_query.py --stock 000001.SZ --start 2024-01-01 --end 2024-12-31
Use only files included with the installed skill unless you separately verify any additional scripts from the upstream repository.