GLM-V-Stock-Analyst
v1.0.4股票分析与涨跌预测分析。 在用户表达分析、判断或预测意图时触发,如“分析一下腾讯”、“0700最近走势如何”、“XX能不能买”、“预测一下后续走势”、“生成一份分析报告”等; 支持港股、A股、美股,整合多源数据(包括新闻、基本面、技术面、资金流及宏观信息)进行多维综合分析,输出图文结合、包含可视化图表的结构化分析...
⭐ 0· 244·0 current·0 all-time
by@zai-org
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
high confidencePurpose & Capability
Name/description (multi‑source stock analysis, image + report generation) match the provided files and runtime instructions. The scripts collect market data, generate charts, extract PDF pages, and convert Markdown→HTML/PDF — all consistent with the stated purpose.
Instruction Scope
SKILL.md limits the skill to: locate stock code, run fetch_all.py to collect data into workspace, have the model read summary/data and images, search for relevant news, and produce report.md. Instructions do not ask to read unrelated system files, nor to exfiltrate environment variables. The only environment variable referenced is an optional TUSHARE_TOKEN (for a data source).
Install Mechanism
No platform install spec, but setup.sh creates a Python venv and pip-installs requirements.txt from PyPI (with optional mirror selection). This is expected for a Python tool but carries normal supply‑chain risk of pip packages; the script chooses mirrors by timing (uses curl) and may set --trusted-host for a mirror — benign but worth noting.
Credentials
The skill does not declare required env vars or secrets. It optionally reads TUSHARE_TOKEN from the environment (explained in SKILL.md). No other credentials or unrelated environment/config paths are requested or used.
Persistence & Privilege
Skill is not force‑enabled (always:false) and does not request persistent elevated privileges. Installation creates a local venv and writes outputs into the agent workspace (documented). It does not modify other skills or system-wide agent configs.
Assessment
This skill appears to do what it says: fetch market data, generate charts, and help a model write reports. Before installing: (1) review and run setup.sh in an isolated environment (it will pip install packages into a venv); (2) optional TUSHARE_TOKEN is only needed for tushare data — don’t supply unrelated secrets; (3) the scripts make network requests to public data providers (EastMoney, yfinance, akshare) and can download PDFs you point them at — be cautious with untrusted URLs; (4) note the normal pip supply‑chain risk when installing third‑party packages — consider auditing requirements.txt or using a controlled mirror; (5) if you need stronger containment, run the skill inside a sandboxed VM or container so network/file writes are limited.Like a lobster shell, security has layers — review code before you run it.
latestvk97010khp5jcqgrxbx0wcs4hmd84wdt9
License
MIT-0
Free to use, modify, and redistribute. No attribution required.