ClawHub

stockClaw-yingyan 股票量化助手,可以获取个股择时量化图,个股行情分析,AI搜索特定股票,监控股买卖点变化通知。

v1.1.4

为该股票量化项目提供 OpenClaw 接入说明,支持股票量化图生成、股票行情问答、自然语言 AI 搜股与 WebSocket 实时监控信号推送。凭证须从与本 Skill 同目录的 config.json 中 openclawCredentials 读取:user_id 与 openClaw_api_key 为必...

0· 352·1 current·1 all-time
by@woshixihongtu-cyber
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description (stock quant, charts, market Q&A, NL stock search, WS monitoring) match the declared endpoints and the config.json values (openClaw_api_key for HTTP, monitor_api_key for WS). No unrelated credentials, binaries, or surprising services are requested.
Instruction Scope
SKILL.md instructs the agent to read and write a local config.json's openclawCredentials and to include the keys as apikey parameters to the documented HTTP/WebSocket endpoints. That file I/O is within the scope of the skill but is persistent — users should be aware API keys are stored on disk.
Install Mechanism
No install spec or external downloads; instruction-only skill (no code files executed). This is the lowest install risk.
Credentials
No environment variables or unrelated secrets are requested. The required credentials (user_id, openClaw_api_key, monitor_api_key) are specific and proportionate to the stated functionality (HTTP API and WebSocket monitoring).
Persistence & Privilege
The skill persists credentials by writing to the bundled config.json in the skill directory. always:false and no system-wide config changes are requested, but the ability to write the file means credentials will be stored on disk and persist across sessions.
Assessment
This skill is coherent with its purpose, but it will read and write API keys into the local config.json (openclawCredentials). Before installing, ensure you trust the external service (https://yingyan.chatface.com) because the skill will send these keys as 'apikey' when calling the service endpoints. Consider: (1) store minimal-permission keys or rotate keys you provide, (2) ensure config.json is kept private (not uploaded to public repos), and (3) only supply the monitor_api_key if you want WebSocket monitoring. If you need more assurance, verify the service's site and demo pages and remove keys from config.json when no longer needed.

Like a lobster shell, security has layers — review code before you run it.

latestvk971rvyr6n5va2a4exa63rrwj983t5w9

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments