A Share Stock Dossier
PassAudited by ClawScan on May 1, 2026.
Overview
This is a coherent A-share stock research skill with no evidence of hidden credential use, persistence, destructive actions, or data exfiltration, though it does run an included Python data helper and uses external web/market-data sources.
Before installing, be aware that the skill may run its included Python helper and contact Eastmoney, Tencent, and other web sources to build stock reports. Avoid sharing unnecessary personal financial details, verify key market facts yourself, and treat generated buy/hold/sell-style actions as decision support rather than automatic trading advice.
Findings (4)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Installing or using the skill may cause the agent to run the included market-data script when preparing reports.
The skill instructs execution of a local Python helper. The included script is readable, dependency-free, and aligned with fetching stock data, so this is a disclosed helper-execution note rather than a concern.
Run: ```bash python skills/a-share-stock-dossier/scripts/a_share_snapshot.py ... --with-indices --with-kline --kline-days 60 --pretty ```
Review the included script if desired, and run it only in the normal skill context with stock codes you intend to analyze.
Search queries and visited pages may be sent to external web services, and retrieved web content may shape the analysis.
The skill directs broad web and browser use to gather evidence. This is expected for financial research and is paired with source-quality rules, but users should know external content can influence the report.
Tool order: - `web_search` discover - `web_fetch` extract正文 - `browser` for JS-heavy/anti-bot/paginated/incomplete extraction
Avoid including unnecessary personal portfolio details in search terms, and prefer official or mainstream sources as the skill already recommends.
Users have less external provenance context for the skill publisher or project homepage.
The registry provenance is limited. The supplied artifacts include the helper source and show no hidden dependencies or remote installer, so this is a provenance notice rather than a security concern.
Source: unknown Homepage: none No install spec — this is an instruction-only skill.
Rely on the visible artifacts for review, and install only if the publisher and included script meet your trust expectations.
A user could place too much trust in the report and make investment decisions based on model output.
The skill intentionally produces analyst-style and actionable stock guidance. It also requires evidence binding and uncertainty notes, so the language is purpose-aligned but still worth treating cautiously.
Produce professional analyst-style stock reports that are **process-transparent, evidence-bound, and directly executable**.
Use the reports as research support, verify important facts independently, and do not treat generated actions as guaranteed financial advice.