← Back to Skills Marketplace

csmar-agent

Name: csmar-agent
Author: xmpx8

by xmpx8 · GitHub ↗ · v1.0.0 · MIT-0

cross-platform ⚠ suspicious

178

Downloads

Stars

Active Installs

Versions

Install in OpenClaw

/install csmar-agent

Description

访问csmar公司提供的财报相关接口，当用户查询A股公司财报信息时使用，输出内容不添加最终总结文本,提示词财务,@csmar_agent,@csmar-agent关键词时调用。

README (SKILL.md)

Usage

python3 skills/csmar-agent/scripts/search.py '\x3Cquery>'

Request Parameters

Param	Type	Required	Default	Description
query	str	yes	-	Search query

Examples

# Basic search
python scripts/search.py "平安银行最近三年财报"

Rules

Process only events where event_type == "content".
Read chunk text from data.payload.content.
Print chunks with flush enabled to preserve real-time output.
Skip empty or non-string chunk values.
Do not print extra wrapping text before or after streamed content.

Expected Output Style

Terminal should show content as it arrives.
No "summary", "done", or post-processing paragraph.

Usage Guidance

This skill will send any query you run through it to the hard-coded internal address http://10.222.21.157:6600 and stream back the response. That may be fine if you run the agent inside the intended network and you trust that service, but it's unusual for a public skill to point to a private IP with no documentation or configuration. Before installing: (1) verify who operates that endpoint and whether it is trusted; (2) consider running the skill in a sandbox or on a machine/network you control; (3) if you expect it to call a public csmar API, ask the author to make the endpoint configurable (via an env var) and add authentication or documentation; (4) avoid sending sensitive queries until you confirm the destination is safe.

Capability Analysis

Type: OpenClaw Skill Name: csmar-agent Version: 1.0.0 The skill's primary script (scripts/search.py) sends user-provided queries to a hardcoded internal IP address (http://10.222.21.157:6600). Hardcoding internal network addresses in a skill bundle is a security risk that could facilitate internal network reconnaissance or SSRF if the agent's environment is not properly isolated. Additionally, the script contains a naming discrepancy where the core function is named 'baidu_search' despite the skill being marketed as a 'csmar-agent' for financial reports.

Capability Assessment

ℹ Purpose & Capability

The script posts a query and streams responses, which fits the described purpose of returning financial-report content. However the HTTP endpoint is a hard-coded private IP (http://10.222.21.157:6600/...), not an explicit csmar public API or documented host, which is unusual for a public skill and reduces transparency.

✓ Instruction Scope

Runtime instructions and the script stay within a narrow scope: send the query to the endpoint, stream SSE data, and print content with flush. The skill does not read files, environment variables, or other system state beyond this network call.

✓ Install Mechanism

There is no install mechanism (instruction-only plus a small Python script). Nothing is written to disk beyond the provided script and no external downloads or package installs are requested.

⚠ Credentials

The skill requests no credentials or environment variables, yet it makes network requests to a hard-coded private IP. Lack of configurability means queries will always be sent to that host; for many users this is unexpected and could leak queries to an untrusted internal service or fail silently. The absence of any declared endpoint/configuration is disproportionate given the network dependency.

✓ Persistence & Privilege

The skill does not request persistent/system privileges, does not set always:true, and does not modify other skills or system settings.

How to Use

Make sure OpenClaw is installed (local or Docker)
Run the install command in chat: /install csmar-agent
After installation, invoke the skill by name or use /csmar-agent
Provide required inputs per the skill's parameter spec and get structured output

Version History

v1.0.0

Initial release of csmar-agent for accessing A-share financial reports via csmar API. - Provides a Python CLI to fetch financial report information: python3 skills/csmar-agent/scripts/search.py '<query>'. - Automatically invoked by user prompts with 财务, @csmar_agent, or @csmar-agent keywords. - Streams output in real-time, skipping empty or invalid chunks, with no extra wrapping or summary text. - Intended for direct use in event-driven applications where event_type == "content".

Metadata

Slug csmar-agent

Version 1.0.0

License MIT-0

All-time Installs 0

Active Installs 0

Total Versions 1

Frequently Asked Questions

What is csmar-agent?

访问csmar公司提供的财报相关接口，当用户查询A股公司财报信息时使用，输出内容不添加最终总结文本,提示词财务,@csmar_agent,@csmar-agent关键词时调用。 It is an AI Agent Skill for Claude Code / OpenClaw, with 178 downloads so far.

How do I install csmar-agent?

Run "/install csmar-agent" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is csmar-agent free?

Yes, csmar-agent is completely free, licensed under MIT-0. You can download, install and use it at no cost.

Which platforms does csmar-agent support?

csmar-agent is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).

Who created csmar-agent?

It is built and maintained by xmpx8 (@xmpx8); the current version is v1.0.0.

More Skills