
Stock Expert

by sionyugg-a11y · GitHub ↗ · v1.0.0 · MIT-0
cross-platform ⚠ suspicious
Downloads: 131
Stars: 0
Active Installs: 0
Versions: 1
Install in OpenClaw
/install stock-expert-cn
Description
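Professional stock analyst providing real-time market interpretation, technical indicator analysis, potential-stock screening and investment advice, including risk warnings and position management.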
Usage Guidance
What to consider before installing:
- Do not reuse the TUSHARE_TOKEN shown in the README/SKILL.md. That value looks like a concrete token and may be leaked; if you provided that token anywhere, rotate it immediately.
- The skill legitimately needs market-data tokens (TUSHARE_TOKEN, FINNHUB_TOKEN). Only provide tokens you control and that have appropriate scopes/limits.
- The package requests Python libs including ta-lib (which often requires native libraries). Install in a virtualenv or sandbox to avoid system-wide side effects.
- The registry metadata (no envs, no install) disagrees with the embedded SKILL.md and analyzer.py. Ask the author/maintainer to reconcile metadata before trusting automatic installs.
- Review analyzer.py yourself (it's included) or run it in an isolated environment to confirm behavior; it uses tushare and requests but does not contain obvious exfiltration code or external endpoints beyond standard APIs.
- Because the skill source/owner is unknown, prefer running it in a container/VM, limit provided credentials to least privilege, and audit network activity if you test it.
- If you plan to use the skill in production or share access, request the author to remove hard-coded tokens from docs and publish correct registry metadata and a provenance statement.
Capability Analysis
Type: OpenClaw Skill Name: stock-expert-cn Version: 1.0.0 The skill bundle contains a hardcoded Tushare API token (abfa8a1c06b30afd16dbe62e0c656dc769f4c56280d7c686556761b2) within both SKILL.md and README.md. Hardcoding credentials is a significant security vulnerability that can lead to credential leaks, unauthorized API usage, or potential tracking of users by the token owner. While the Python logic in analyzer.py appears to perform legitimate stock analysis and lacks clear evidence of data exfiltration or malicious intent, the inclusion of static secrets is a high-risk practice.
Capability Assessment
Purpose & Capability
The skill claims to do stock analysis (real-time quotes, indicators, screening) and the analyzer.py implements those functions using Tushare/Finnhub — those credentials reasonably belong here. However, the registry metadata earlier reported no required env vars/binaries while SKILL.md embeds required env variables and installation steps, which is an internal inconsistency.
Instruction Scope
SKILL.md instructs use of TUSHARE_TOKEN and FINNHUB_TOKEN and includes cron setup commands and dependency installs. More importantly, the README/SKILL.md contains a concrete TUSHARE_TOKEN value (hard-coded example) — this is sensitive and unexpected for a published package and increases risk of token leakage or misuse.
Install Mechanism
There is no registry install spec, but SKILL.md includes an embedded pip install requirement for pandas, numpy, ta-lib, requests. Installing pip packages is expected for this skill; ta-lib can require native libs which raises operational friction but not direct maliciousness. The mismatch between 'no install spec' in registry and install instructions in SKILL.md is inconsistent.
Credentials
The only needed credentials (TUSHARE_TOKEN, optional FINNHUB_TOKEN) are appropriate for market data access. However, the README contains a concrete token value, which is disproportionate and risky: it suggests a leaked/shared credential or that the author embedded a real token. Registry metadata claimed no required env vars, which contradicts the code and SKILL.md.
Persistence & Privilege
The skill does not request always:true, does not claim to modify other skills or system settings, and does not demand elevated persistence. Cron commands are user-invoked examples, not automatic privileged actions.
How to Use
  1. Make sure OpenClaw is installed (local or Docker)
  2. Run the install command in chat: /install stock-expert-cn
  3. After installation, invoke the skill by name or use /stock-expert-cn
  4. Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.0
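Stock analysis expert agent 1.0.0 released
- Provides professional technical and fundamental analysis, with support for real-time quotes and multi-factor stock selection.
- Automatically screens and pushes 5 potential stocks every day and generates a detailed report.
- Built-in sector rotation analysis, capital flow tracking and advanced custom screening.
- Integrates multiple core functions and pre-market/post-market review output templates.
- Supports scheduled reports, position risk warnings and combined use with other agents.
- Depends on data sources such as Tushare and Finnhub and on external environment configuration.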
Metadata
Slug stock-expert-cn
Version 1.0.0
License MIT-0
All-time Installs 0
Active Installs 0
Total Versions 1
Frequently Asked Questions

What is Stock Expert?

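A professional stock analyst providing real-time market interpretation, technical indicator analysis, potential-stock screening and investment advice, including risk warnings and position management. It is an AI Agent Skill for Claude Code / OpenClaw, with 131 downloads so far.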

How do I install Stock Expert?

Run "/install stock-expert-cn" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is Stock Expert free?

Yes, Stock Expert is completely free, licensed under MIT-0. You can download, install and use it at no cost.

Which platforms does Stock Expert support?

Stock Expert is cross-platform and runs anywhere OpenClaw / Claude Code is available.

Who created Stock Expert?

It is built and maintained by sionyugg-a11y (@sionyugg-a11y); the current version is v1.0.0.
