ClawHub

A股港股股票分析

v1.0.0

A股和港股股票数据分析工具,优先使用Tushare数据,Tushare不可用时自动回退到AKShare获取行情、财务指标,支持基本面分析和技术分析。

0· 84·0 current·0 all-time
byzh4o@zh40
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Pending
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description (stock analysis using Tushare/AKShare) match the included scripts and requirements. The scripts implement basic info, historical data, fundamental and technical analysis as described.
Instruction Scope
Runtime instructions are limited to installing Python packages, setting TUSHARE_TOKEN (optional), and running the provided scripts. They do not ask to read unrelated files or send data to unknown endpoints. Minor issue: SKILL.md's installation example omits akshare even though the code falls back to AKShare; also the package list in requirements.txt includes akshare but SKILL.md's pip line does not.
Install Mechanism
This is instruction-only with bundled Python scripts and a requirements.txt — no remote downloads or custom install hooks. Risk is typical for pip-installed packages; user should install from official package index. No install spec exists in the registry metadata.
Credentials
The code optionally reads TUSHARE_TOKEN from the environment to access Tushare; that is proportionate to the stated purpose. Metadata, however, lists no required env vars while SKILL.md instructs setting TUSHARE_TOKEN — a documentation mismatch but not a sign of excessive privilege.
Persistence & Privilege
Skill does not request persistent or elevated platform privileges (always is false), does not modify other skills, and does not write global agent config. It only reads an optional Tushare token from the environment and performs normal network calls to the data providers.
Assessment
This skill appears to do what it says: fetch stock data from Tushare (if you provide TUSHARE_TOKEN) and fall back to AKShare. Before installing/running: (1) install dependencies in a virtual environment and include akshare (requirements.txt lists akshare but the README pip example omits it); (2) only set TUSHARE_TOKEN if you trust the environment — the token is used to call the official Tushare API; (3) review/verify pip package sources (install from PyPI or your trusted mirror); (4) if you run this in a shared environment, avoid exposing sensitive tokens—the scripts make network calls to Tushare/AKShare and print results but do not contain obfuscated or exfiltration code. The main issues are documentation/metadata mismatches (missing env var declaration and incomplete install instructions), not malicious behavior.

Like a lobster shell, security has layers — review code before you run it.

latestvk970frj24c56h7z39fxf5v7xwx84kjhw

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments