A Stock Trading Assistant
Security checks across malware telemetry and agentic risk
Overview
The skill appears to be a legitimate A-share market assistant, but it will call third-party market-data sites and can save price alerts for later use.
This skill looks purpose-aligned for A-share quote lookup and analysis. Before installing, be comfortable with third-party market-data requests, unknown source provenance, and persistent watchlist storage. Do not provide brokerage passwords, API keys, or other account credentials, and verify any trading recommendation before acting on it.
VirusTotal
65/65 vendors flagged this skill as clean.
Risk analysis
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Stock queries may be sent to public finance websites, and the assistant's analysis depends on those external responses.
The skill directs the agent to run an included helper or use web_fetch to retrieve market data. This is central to the stock-assistant purpose, but users should expect external requests to third-party data providers.
优先用 `scripts/fetch_stock.py` 脚本获取实时数据。如脚本执行失败,改用 `web_fetch` 直接访问数据源。
Use it for public ticker and market questions, avoid entering brokerage credentials or private account data, and verify important trading decisions independently.
Your watched stocks, target prices, and alert conditions may remain available to the assistant across later sessions.
The skill stores alert conditions in a persistent file and reuses them in later conversations. This is expected for price alerts, but it can preserve sensitive investment interests or targets.
记录目标价、预警条件(突破/跌破/放量)到 `references/watchlist.md` ... 在后续对话中主动核对预警状态
Only save alerts you are comfortable persisting, and periodically review or delete the watchlist if it contains sensitive financial intentions.
You have less external context for who maintains the skill or where updates come from.
The registry metadata does not provide a known source repository or homepage. The included behavior is still coherent and no hidden installer is shown, but provenance is limited.
Source: unknown Homepage: none
Inspect the included files before use and prefer trusted or verifiable sources for skills that influence financial decisions.