ClawHub

Mx Finance Data 1.0.8

v1.0.0

基于东方财富数据库,支持自然语言查询金融数据,覆盖A港美、基金、债券等多种资产,含实时行情、公司信息、估值、财务报表等,可用于投资研究、交易复盘、市场监控、行业分析、信用研究、财报审计、资产配置等场景,适配机构与个人多元需求。返回结果包含数据说明及 xlsx 文件。Natural language query f...

0· 69·1 current·1 all-time
by@zhouhuihui008
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Pending
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description request an EastMoney API key and financial queries; the code requires EM_API_KEY, python3, pip3 and uses httpx/pandas to call an EastMoney ai-saas endpoint and produce xlsx/txt outputs — this is proportionate and expected.
Instruction Scope
SKILL.md and scripts instruct installing httpx/pandas/openpyxl, setting EM_API_KEY, and running scripts/get_data.py with a natural-language query. The runtime instructions do not direct the agent to read unrelated files or other environment variables. Note: the script embeds EM_API_KEY into the request body (userInfo.userId) and will transmit it to the EastMoney endpoint, which is the intended authentication flow.
Install Mechanism
No automated download/install of arbitrary code; the README recommends pip3 install of well-known Python packages (httpx, pandas, openpyxl). This is a common, low-risk dependency pattern.
Credentials
Only EM_API_KEY is required (declared). No additional credentials, keys, or unrelated env vars are requested. The single key is justified: it authenticates requests to the EastMoney API used by the skill.
Persistence & Privilege
always is false and the skill does not request persistent platform-wide privileges. It writes output files to a local miaoxiang/mx_finance_data directory (normal for a CLI tool) and does not attempt to modify other skills or global agent config.
Assessment
This skill appears coherent with its stated purpose, but before installing: 1) Verify your EM_API_KEY is obtained from the official EastMoney/MxClaw service and has the intended scope/expiry; the key will be sent to https://ai-saas.eastmoney.com/proxy/b/mcp/tool/searchData as part of requests. 2) Consider running the script in an isolated environment (virtualenv/container) and review scripts/get_data.py yourself if you have concerns about what data is sent. 3) Be aware query text and returned results are transmitted to EastMoney — do not include sensitive secrets in queries. 4) Use a least-privilege or revocable API key and rotate/revoke it if you stop using the skill. 5) The recommended pip packages are standard; prefer installing them in a virtual environment rather than system-wide.

Like a lobster shell, security has layers — review code before you run it.

latestvk972rfyqg2xxkbs9qqj40j97vs83kkhk

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

Binspython3, pip3
EnvEM_API_KEY

Comments