china-stock-analyzer

Security checks across malware telemetry and agentic risk

Overview

This appears to be a coherent A-share stock analysis skill, with expected external market-data calls, optional Python package installation, and investment-like signal wording that users should treat cautiously.

Before installing, use a trusted Python environment, be aware that stock queries go to external market-data providers, and treat buy/sell-style outputs as short-term technical reference rather than investment advice.

VirusTotal

VirusTotal findings are pending for this skill version.

Risk analysis

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

ASI04: Agentic Supply Chain Vulnerabilities
Low
What this means

Running the setup helper could change the user's Python environment and depends on whatever package versions are available at install time.

Why it was flagged

If the user runs this helper, it installs unpinned third-party packages into the active Python environment. The packages are purpose-aligned, but unpinned installs are a supply-chain consideration.

Skill content
REQUIRED_PACKAGES: List[str] = ["akshare", "pandas"] ... subprocess.check_call([sys.executable, "-m", "pip", "install", package])
Recommendation

Use a virtual environment, install from trusted package indexes, and consider pinning dependency versions before production use.

ASI02: Tool Misuse and Exploitation
Info
What this means

Stock symbols or names the user asks about may be sent to external market-data providers, and results depend on those providers' availability and accuracy.

Why it was flagged

The skill sends requested stock symbols to an external Sina market-data endpoint. This is disclosed and central to the stated stock quote function.

Skill content
url = f"https://hq.sinajs.cn/list={codes_str}"
Recommendation

Be aware of the external data dependency and avoid using the skill for queries you would not want sent to market-data APIs.

ASI09: Human-Agent Trust Exploitation
Low
What this means

Users could treat generated trading signals as stronger financial advice than intended.

Why it was flagged

The report template asks the agent to provide clear trading-style signals and actions. This matches the stock-analysis purpose, but it may make users over-rely on technical signals.

Skill content
signal: strong_buy / buy / hold / sell / strong_sell ... give a clear recommendation ... buy the dip / wait and see / stop loss / reduce position
Recommendation

Keep the documented disclaimer visible, treat outputs as technical analysis only, and verify decisions with broader financial information and personal risk constraints.