积存金价格监控助手
Analysis
This skill is a coherent gold-price monitoring helper that fetches public market data, stores local price history, and notifies the user when thresholds are crossed.
Findings (2)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Checks for instructions or behavior that redirect the agent, misuse tools, execute unexpected code, cascade across systems, exploit user trust, or continue outside the intended task.
url = f"http://hq.sinajs.cn/rn={int(time.time()*1000)}&list=gds_AU9999"The script fetches price data over plain HTTP, then uses that data to generate alerts and buy/sell suggestions. This is purpose-aligned, but unauthenticated market data could be tampered with in transit.
Checks for exposed credentials, poisoned memory or context, unclear communication boundaries, or sensitive data that could leave the user's control.
历史基准记录存于 `data/price_history.json`(仅在触发警报或首次记录时保存以用作对比基准,保留 1000 条),开盘价存于 `data/daily_open.json`(保留 30 天)
The skill intentionally stores local baseline data that is reused for future alert decisions. This is disclosed and scoped, but persistent state can affect later outputs if it becomes stale or manually altered.