financial-report-analysis
v1.0.2上市公司财务报表智能分析 - 自动解析资产负债表、利润表、现金流量表,生成专业财务分析报告
⭐ 0· 135·0 current·0 all-time
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
high confidencePurpose & Capability
Name/description promise (financial statement analysis) aligns with the provided SKILL.md and the included Python script which implements ratio calculations, risk checks, report formatting and CLI invocation. The SKILL.md mentions optional real-time data sources (Eastmoney/Wind/SEC/Yahoo), which is reasonable as an optional enhancement; the shipped code uses only embedded SAMPLE_DATA, which is consistent with an initial/instruction-only release.
Instruction Scope
SKILL.md describes using external data sources and an optional config for a 'data_source' and cache, but the runtime instructions and the included script do not access network, files, or environment variables: get_financial_data() currently returns SAMPLE_DATA and has TODO comments for API integration. This is a scope note (the skill claims it can pull live data, but the provided code does not yet implement that).
Install Mechanism
No install spec is provided (instruction-only plus a single Python script). Nothing is downloaded or written to disk by an installer; therefore install risk is low.
Credentials
The skill declares no required environment variables or credentials. SKILL.md mentions optional API keys / config for real-time data, but these are not required and not implemented in the shipped code. If you later enable live data, you should expect to provide service-specific API keys—only provide keys you trust and review the integration code first.
Persistence & Privilege
The skill is not marked always:true and is user-invocable only. It does not request persistent system-level presence or modify other skills. Autonomous invocation (disable-model-invocation=false) is the platform default and is not combined with other red flags here.
Assessment
This skill appears coherent and low-risk in its current form: it runs local calculations on embedded sample data, does not contact external endpoints, and asks for no credentials. Before using it for real-time analysis or providing API keys: 1) verify and/or implement the data-source integration code (currently TODO) and confirm which endpoints it will call; 2) never paste production API keys into a skill unless you inspected the code that will use them; 3) if you plan to pay the developer, independently verify the vendor (company name, contact, and payment channels) to avoid scams; and 4) treat outputs as advisory only (the skill includes a disclaimer)—do not rely on it for investment decisions without independent verification.Like a lobster shell, security has layers — review code before you run it.
AIvk9776wa13h29h5q63zp8rvbjmd844b6xanalysisvk972y66q89dcycyj8cfzjtw9ed845jhgautomationvk9776wa13h29h5q63zp8rvbjmd844b6xchinesevk9776wa13h29h5q63zp8rvbjmd844b6xfinancevk972y66q89dcycyj8cfzjtw9ed845jhglatestvk9776wa13h29h5q63zp8rvbjmd844b6xprovk9776wa13h29h5q63zp8rvbjmd844b6xproductivityvk9776wa13h29h5q63zp8rvbjmd844b6xreportvk972y66q89dcycyj8cfzjtw9ed845jhg
License
MIT-0
Free to use, modify, and redistribute. No attribution required.