ClawHub

Eastmoney Financial Search

v1.0.0

Search and retrieve timely financial news, reports, announcements, and policy analyses based on user queries from Eastmoney data.

0· 606·2 current·2 all-time
by@yunduanmanbu
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
medium confidence
Purpose & Capability
Name, description, SKILL.md and the included script all implement a search against an Eastmoney-like API for financial news; required capabilities (network access, optional file save) are consistent with that purpose.
Instruction Scope
SKILL.md and the sample show how to call the external API and optionally save results. The included script follows this scope, but the script contains a bug: it uses Request(...) without importing Request (top of file imports urllib.request but not Request), which will cause a NameError at runtime. No instructions attempt to read unrelated files or credentials beyond the EASTMONEY_APIKEY.
Install Mechanism
No install spec — instruction-only plus a small script. Nothing is downloaded or written to system paths by an installer.
Credentials
The skill expects an EASTMONEY_APIKEY (documented and embedded as a default in SKILL.md and the script). However, the registry metadata does not list any required env vars, which is an inconsistency. Embedding a default API key in code/documentation is potentially sensitive (may be a public/demo key, but you should not rely on it).
Persistence & Privilege
The skill does not request always:true, does not modify other skills, and only writes output files to the working directory when saving results. Autonomous invocation defaults are unchanged.
Assessment
This skill appears to do what it says (query Eastmoney-ish API and optionally save results), but check these before installing: 1) The script embeds a default EASTMONEY_APIKEY — set your own key in EASTMONEY_APIKEY if you have one; do not assume the embedded key is private or unlimited. 2) The registry metadata did not declare the EASTMONEY_APIKEY requirement — that's a bookkeeping mismatch. 3) The included Python script has a bug (uses Request without importing it) — fix the import (from urllib.request import Request or use urllib.request.Request) before running. 4) The skill sends queries to https://mkapi2.dfcfs.com; if you require strict network policies, verify that endpoint. 5) The script can write files to the current working directory; run it in a safe/isolated directory if you are concerned. If you want higher assurance, request the publisher to (a) declare the env var in metadata, (b) remove or rotate any embedded demo key, and (c) fix the import bug and publish updated code.

Like a lobster shell, security has layers — review code before you run it.

latestvk9726a1w9hqej57p7cz912dach83gh4a

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments