akshare-stock
Security checks across malware telemetry and agentic risk
Overview
This stock-data skill appears purpose-aligned, but users should notice it relies on an unpinned third-party Python package and has inconsistent package metadata.
This appears to be a straightforward stock-market data helper. Before installing, verify the package identity because the registry and bundled metadata differ, and consider pinning the AkShare dependency version rather than installing the latest package blindly.
VirusTotal
VirusTotal findings are pending for this skill version.
Risk analysis
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Installing the dependency may pull whatever current AkShare package version is available from the package index, which can change over time.
The skill asks users to install a third-party Python package without a pinned version. This is directly related to the skill's stated purpose, but users should be aware of ordinary package supply-chain and version-drift risk.
pip install akshare
Install from a trusted package index and consider pinning a known-good AkShare version in a controlled environment.
Users may have less clarity about which package identity or version they are installing.
The bundled metadata differs from the registry metadata, which lists a different owner ID, slug, and version. This does not show unsafe runtime behavior, but it is a provenance inconsistency users may want to verify.
"ownerId": "kn7cv6afang2nh65cp9nasa5f9823tqc", "slug": "akshare-stock", "version": "1.0.1"
Confirm the package identity, publisher, and version before installing, especially because the source and homepage are not provided.