ClawHub
Back to skill
v1.0.0

蜡烛图分析

BenignClawScan verdict for this skill. Analyzed May 1, 2026, 8:38 AM.

Analysis

The skill appears to fetch public stock-market data and generate candlestick charts, with no evidence of credential use, persistence, or destructive actions.

GuidanceBefore installing, verify that you trust the skill source and install its Python dependencies from reputable sources. The visible behavior is limited to fetching public stock data and producing chart analysis, so treat the output as informational rather than as financial advice.

Findings (2)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

Abnormal behavior control

Checks for instructions or behavior that redirect the agent, misuse tools, execute unexpected code, cascade across systems, exploit user trust, or continue outside the intended task.

Agentic Supply Chain Vulnerabilities
SeverityLowConfidenceHighStatusNote
install spec
No install spec — this is an instruction-only skill.

The script relies on third-party Python packages, but the artifacts do not declare package versions or an installation source. This is not suspicious by itself, but it leaves dependency provenance to the user.

User impactIf dependencies are installed manually, the user must trust the package source and versions they choose.
RecommendationInstall required Python packages only from trusted sources and prefer pinned versions in a controlled environment.
Tool Misuse and Exploitation
SeverityInfoConfidenceHighStatusNote
蜡烛图工具.py
df = ak.stock_zh_a_hist_tx(symbol='sh'+code, start_date=start_date, end_date=end_date)

The script sends the requested stock code and date range to an external market-data provider through akshare. This matches the stated charting purpose and does not show credential or sensitive local data use.

User impactThe stock symbol being analyzed may be sent to the external data provider used by akshare.
RecommendationUse the skill for public ticker analysis and avoid entering private or sensitive identifiers as the stock code.