← Back to Skills Marketplace
港股+A股盯盘系统
by
merlini0116
· GitHub ↗
· v1.0.0
· MIT-0
113
Downloads
0
Stars
0
Active Installs
1
Versions
Install in OpenClaw
/install hk-stock-monitor
Description
港股+A股实时盯盘系统,支持技术分析、涨跌幅告警、飞书推送。使用场景:(1) 查询港股/A股实时行情,(2) 监控股票涨跌幅告警,(3) 生成技术分析报告,(4) 定时推送盯盘报告。触发关键词:盯盘、股票监控、港股行情、A股行情、涨跌告警、技术分析。
README (SKILL.md)
港股+A股盯盘系统
实时盯盘 + 技术分析 + 告警推送,专为港股/A股投资者设计。
快速使用
获取实时行情
cd scripts && node monitor.js
输出:16只股票实时行情 + 技术分析 + 操作建议
检查涨跌幅告警
cd scripts && node alert-check.js
- 涨跌幅超过 4.9% 时推送飞书告警
- 每只股票每天最多告警1次
定时监控 (cron)
# 每30分钟运行一次
*/30 9-16 * * 1-5 cd /path/to/scripts && node monitor.js >> /var/log/monitor.log 2>&1
# 每3分钟检查告警
*/3 9-16 * * 1-5 cd /path/to/scripts && node alert-check.js >> /var/log/alert.log 2>&1
监控股票列表
A股 (8只):美的集团、中控技术、工商银行、中国中车、长安汽车、爱尔眼科、宋城演艺、青岛啤酒
港股 (8只):美团-W、阿里巴巴-SW、腾讯控股、吉利汽车、山高控股、华润燃气、顺丰控股、海尔智家
技术分析维度
| 维度 | 说明 |
|---|---|
| 量价关系 | 放量上涨/缩量上涨/放量下跌/缩量下跌 |
| 涨跌位置 | 强势上涨/稳健上涨/小幅下跌/大幅下跌 |
| 委比分析 | 买盘强劲/卖压较重 |
| 振幅分析 | 剧烈波动/正常波动/交投清淡 |
操作建议逻辑
根据综合评分生成:
- 持有/逢低加仓:趋势向好,量价配合
- 观望:方向不明,等待信号
- 减仓/止损:下跌趋势明显
数据源
- 主数据源:新浪财经(免费,无需 API key)
- 备用数据源:QVeris(付费,需 API key)
故障时自动切换,连续失败3次发送告警。
飞书推送配置
编辑 scripts/data-sources.js:
const CONFIG = {
chatId: 'oc_xxx', // 飞书群聊 ID
...
};
Pro 版功能 (订阅 $20/月)
| 功能 | 基础版 | Pro 版 |
|---|---|---|
| 股票数量 | 8只 | 16只 + 自定义 |
| 告警推送 | ❌ | ✅ 飞书/Telegram |
| AI投研 | ❌ | ✅ hk-ai-stock-expert |
| 历史数据 | 7天 | 6个月 |
Pro 版订阅联系作者获取。
文件结构
hk-stock-monitor/
├── SKILL.md
├── scripts/
│ ├── monitor.js # 主监控脚本
│ ├── alert-check.js # 告警检查脚本
│ └── data-sources.js # 数据获取模块
└── references/
└ stocks.md # 股票配置参考
Usage Guidance
This skill largely behaves like a stock-monitoring/alerting tool, but take these precautions before installing or running it:
- Do not trust the hard-coded QVeris API key in the source. Treat it as a secret leakage risk; rotate the key if it is yours, or remove it and require the user to supply QVERIS_API_KEY via environment variables.
- The SKILL.md lists no required env vars but the code uses QVERIS_API_KEY. Ask the author to declare required env vars (and remove embedded secrets) or refuse to use the hard-coded default.
- The scripts write state and data to absolute paths under /root/.openclaw/... and /var/log in the suggested cron. Ensure these paths are appropriate for your environment and that you run the scripts with a least-privileged account (do not run as root unless you intend to). Consider changing paths to a dedicated, non-root workspace.
- The code execs an external qveris-official script (node qveris_tool.mjs) by cd'ing into /root/.openclaw/workspace/skills/qveris-official. Verify that file exists and inspect it for malicious behavior before running. If that dependency is not present, the skill shells out to execute code in another skill's workspace — this increases risk.
- The scripts call openclaw message send via child_process.execSync to deliver Feishu messages. Confirm what openclaw message send does in your environment and that the chatId is correct. If you don't want messages sent automatically, remove or stub out sendAlert calls while testing.
- Run the code in an isolated environment (container or VM) first, and review/modify the code to remove hard-coded credentials and absolute paths. Provide QVERIS_API_KEY via environment only if you trust QVeris and have a paid account.
What would change this assessment: if the author published a clear README stating the external qveris dependency, removed the hard-coded API key and declared required env vars, and replaced absolute /root paths with configurable relative paths, the concerns would be largely resolved and the skill would look coherent and lower risk. If you cannot verify or remove the hard-coded key and the external script, treat installation as risky.
Capability Analysis
Type: OpenClaw Skill
Name: hk-stock-monitor
Version: 1.0.0
The skill bundle contains hardcoded sensitive credentials, including a QVeris API key and a specific Feishu Chat ID (oc_c771930429ba9d9683b8a38fe3a9b3f9) in 'data-sources.js' and 'alert-check.js', which could lead to monitoring data being sent to the author's endpoint. Additionally, the scripts use 'execSync' with unsanitized string interpolation to call the OpenClaw CLI and external tools, introducing a high risk of shell injection. While the behavior aligns with the stated stock monitoring purpose, the combination of hardcoded secrets and insecure command execution is highly irregular for a public skill.
Capability Assessment
Purpose & Capability
The name/description (A/HK stock monitoring, alerts, Feishu push) matches the included scripts and runtime behavior: fetching quotes (Sina/QVeris), computing indicators, and sending Feishu messages. Using QVeris as a paid fallback is plausible. Minor concern: the scripts expect a local qveris-official script under the workspace (executes that script), which is an external dependency not mentioned in SKILL.md.
Instruction Scope
SKILL.md instructs running the provided node scripts and cron jobs. The scripts read/write state and data under absolute paths (e.g. /root/.openclaw/workspace/...), call execSync to run the openclaw CLI and an external qveris tool, and send messages via openclaw message send. The SKILL.md does not declare these file paths or that it will execute another skill's script, creating scope creep and implicit permissions to read/write the workspace and execute other code.
Install Mechanism
No install spec (instruction-only) and no downloads — low installation risk. The code will only be written if the user places it in their environment and runs the scripts.
Credentials
The repository metadata declares no required env vars, but the code reads process.env.QVERIS_API_KEY. Worse, a full API key string ('sk-...') is hard-coded as a default in two places. This is an unexpected secret embedded in code and an undeclared credential requirement. The scripts also hard-code Feishu chat IDs. These are disproportionate to the SKILL.md which does not list secrets.
Persistence & Privilege
The skill does not set always:true and is user-invocable (normal). It persists state/data under absolute workspace paths and uses execSync to run other scripts and the openclaw CLI. That means if you run it, it will create files and invoke other local tools — review those locations and permissions first. Executing another skill's script increases blast radius if that script is untrusted.
How to Use
- Make sure OpenClaw is installed (local or Docker)
- Run the install command in chat:
/install hk-stock-monitor - After installation, invoke the skill by name or use
/hk-stock-monitor - Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.0
首次发布
Metadata
Frequently Asked Questions
What is 港股+A股盯盘系统?
港股+A股实时盯盘系统,支持技术分析、涨跌幅告警、飞书推送。使用场景:(1) 查询港股/A股实时行情,(2) 监控股票涨跌幅告警,(3) 生成技术分析报告,(4) 定时推送盯盘报告。触发关键词:盯盘、股票监控、港股行情、A股行情、涨跌告警、技术分析。 It is an AI Agent Skill for Claude Code / OpenClaw, with 113 downloads so far.
How do I install 港股+A股盯盘系统?
Run "/install hk-stock-monitor" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.
Is 港股+A股盯盘系统 free?
Yes, 港股+A股盯盘系统 is completely free, licensed under MIT-0. You can download, install and use it at no cost.
Which platforms does 港股+A股盯盘系统 support?
港股+A股盯盘系统 is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).
Who created 港股+A股盯盘系统?
It is built and maintained by merlini0116 (@merlini0116); the current version is v1.0.0.
More Skills