← Back to Skills Marketplace
12996
Downloads
6
Stars
163
Active Installs
4
Versions
Install in OpenClaw
/install stock-monitor
Description
股票价格实时监控。支持多只股票监控,使用 Yahoo Finance API 获取实时股价,自定义涨跌阈值提醒。当股价波动超过设定阈值时自动发送提醒,支持首次预警和续警机制。用于:(1) 监控持仓股票价格波动 (2) 设置价格提醒 (3) 定期检查股价变化
Usage Guidance
Review before installing, especially if you expected only Yahoo Finance price alerts. Install only if you are comfortable with scheduled background checks, local portfolio-related state files, Yahoo Finance requests, and the included but under-documented Futu/OpenD script. Do not place brokerage or Futu unlock passwords in the config unless the publisher clearly documents why they are needed, how they are protected, and how to disable or remove that mode.
Capability Analysis
Type: OpenClaw Skill
Name: stock-monitor
Version: 1.3.0
The skill is classified as suspicious due to a potential prompt injection vulnerability identified in the `SKILL.md` file. The `openclaw cron add` command includes a `--message` argument that instructs the AI agent to "运行 python3 ~/.openclaw/workspace/skills/stock-monitor/scripts/stocks_monitor.py 并把输出发给我" (Run python3 ... and send me the output). While the specific command executed here is benign (running the skill's own script), this pattern demonstrates a vulnerability where an attacker could potentially inject arbitrary commands into the agent's execution flow via the `--message` parameter. The Python scripts themselves (e.g., `scripts/stocks_monitor.py`, `scripts/futu_stocks_monitor.py`) appear benign, performing legitimate stock monitoring functions, accessing expected local configuration/state files, and interacting with known financial APIs (Yahoo Finance, local Futu OpenD) without evidence of malicious intent like data exfiltration or unauthorized access.
Capability Assessment
Purpose & Capability
Yahoo Finance price monitoring, local stock configs, alert state, and scheduled checks fit the stated stock-alert purpose. The package also contains futu_stocks_monitor.py, which connects to Futu OpenD and can use an unlock_password; that broker-adjacent capability is not disclosed in SKILL.md and is materially broader than the advertised Yahoo Finance monitor.
Instruction Scope
The documented cron message runs the skill's own stocks_monitor.py and sends its output to Discord, which is purpose-aligned for scheduled alerts. I did not find artifact evidence that the cron instruction itself injects arbitrary commands, but users should understand that it creates repeated automated execution.
Install Mechanism
No installer, shell bootstrap, package download, obfuscation, or destructive setup behavior was present. The artifact is a markdown skill plus Python scripts, but there is no explicit permission manifest scoping file reads/writes, network access, or local Futu service access.
Credentials
Outbound Yahoo Finance requests and local state files are proportionate for stock monitoring and are partly documented. The undisclosed local Futu OpenD connection, configurable host/port, and optional unlock_password handling are not proportionate to a description that only advertises Yahoo Finance quotes.
Persistence & Privilege
The skill documents a five-minute cron job and local alert-state persistence for the main monitor, which is expected for alerts. Additional persistent state for rebalance and Futu monitors is present in code but not clearly documented, and the Futu path may involve sensitive local trading infrastructure credentials.
How to Use
- Make sure OpenClaw is installed (local or Docker)
- Run the install command in chat:
/install stock-monitor - After installation, invoke the skill by name or use
/stock-monitor - Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.3.0
feat: 新增股票调仓条件单监控功能 - 支持多股票联动条件(如:拼多多涨到 100 且微软跌到 130 时提醒) - 支持重复提醒(可配置连续提醒次数和间隔) - 支持 24 小时冷却期 - 新增 HTML 网页格式输出(中英文对照) - 优化 A 股/港股 9:30 开盘前跳过检查
v1.2.0
feat: 增加 A 股/港股 9:30 开盘前跳过检查功能,避开竞价阶段虚假波动
v1.1.0
优化预警逻辑:只在股价相对上次 alert 价格再波动超 1% 时才续警,避免频繁通知
v1.0.0
初始版本
Metadata
Frequently Asked Questions
What is Stock Monitor?
股票价格实时监控。支持多只股票监控,使用 Yahoo Finance API 获取实时股价,自定义涨跌阈值提醒。当股价波动超过设定阈值时自动发送提醒,支持首次预警和续警机制。用于:(1) 监控持仓股票价格波动 (2) 设置价格提醒 (3) 定期检查股价变化. It is an AI Agent Skill for Claude Code / OpenClaw, with 12996 downloads so far.
How do I install Stock Monitor?
Run "/install stock-monitor" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.
Is Stock Monitor free?
Yes, Stock Monitor is completely free (open-source). You can download, install and use it at no cost.
Which platforms does Stock Monitor support?
Stock Monitor is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).
Who created Stock Monitor?
It is built and maintained by 大斌 (@shengbinxu); the current version is v1.3.0.
More Skills