← Back to Skills Marketplace
152
Downloads
0
Stars
0
Active Installs
4
Versions
Install in OpenClaw
/install stock-entry-analyzer
Description
多指标股票入场分析工具。基于乖离率 (BIAS) 为核心,结合均线/MACD/RSI/成交量/资金流/估值等 7 大类指标,综合判断股票或基金是否适合买入。使用 stock-price-query、stock-market-pro、eastmoney-tools 获取数据,输出检查清单和综合评分。当用户询问"XX...
Usage Guidance
This skill implements the advertised stock-analysis logic, but it reads an EastMoney API key (EM_API_KEY) and directly accesses a vault file (/root/.openclaw/workspace/vault/credentials/eastmoney.json) while the registry metadata declares no required secrets. Before installing: 1) ask the publisher to declare EM_API_KEY (or other credentials) in the skill metadata and explain why vault access is needed; 2) review or sandbox the skill — it executes other skills' scripts from /root/.openclaw/workspace which could run arbitrary code, so verify those scripts (stock-price-query, mx-finance-data) are trustworthy; 3) ensure required Python packages (pandas, openpyxl) are available or explicitly listed; 4) if you keep secrets in a shared vault, consider restricting this skill's access or running it in an isolated environment; 5) if you can't verify the other skills or the vault contents, do not grant this skill access to your production agent.
Capability Analysis
Type: OpenClaw Skill
Name: stock-entry-analyzer
Version: 3.0.0
The skill bundle implements a stock analysis tool that exhibits high-risk behaviors, specifically direct access to sensitive credential files in the OpenClaw vault (/root/.openclaw/workspace/vault/credentials/eastmoney.json) and the execution of external scripts via subprocess.run (found in analyze_stocks.py and analyze_stocks_v2.py). While these actions are plausibly aligned with the stated purpose of integrating multiple financial data sources (e.g., Eastmoney and Tencent), the practice of hardcoding paths to other skills and directly reading shared credentials represents a significant security risk within the agent environment. No clear evidence of intentional malice or data exfiltration was identified.
Capability Tags
Capability Assessment
Purpose & Capability
The skill's behavior (calling stock-price-query, mx-finance-data and eastmoney-related code) is consistent with a stock analysis tool. However, the package/registry metadata declares no required environment variables or credentials while the code explicitly looks up EM_API_KEY and attempts to read /root/.openclaw/workspace/vault/credentials/eastmoney.json. The missing declaration of that secret is an incoherence and reduces transparency.
Instruction Scope
SKILL.md and scripts instruct the agent to run local scripts under /root/.openclaw/workspace/skills and to parse files produced by those scripts (Excel), which is expected for data fetching. But the runtime instructions (and code) also attempt to read a vault credentials file and environment variables that are not declared in the metadata. The instructions grant the skill broad discretion to call other on-disk skill scripts and read files in the workspace — this should be explicitly declared and justified.
Install Mechanism
There is no install spec (instruction-only) and code files are included. The scripts call subprocesses and use pandas/xls parsing, but the skill does not declare runtime dependencies (pandas). This is not inherently malicious but is a missing dependency declaration that may cause runtime failures or unexpected installs elsewhere.
Credentials
The code reads EM_API_KEY from the environment and falls back to reading /root/.openclaw/workspace/vault/credentials/eastmoney.json. The skill metadata lists no required env vars or primary credential. Requesting or reading vault files (which may contain other secrets) without declaring that need is disproportionate and reduces user control/consent.
Persistence & Privilege
always is false and the skill does not request forced inclusion or modify other skills' configuration. It does execute other skills' scripts and reads files in the workspace, but it does not appear to persist itself or elevate privileges.
How to Use
- Make sure OpenClaw is installed (local or Docker)
- Run the install command in chat:
/install stock-entry-analyzer - After installation, invoke the skill by name or use
/stock-entry-analyzer - Provide required inputs per the skill's parameter spec and get structured output
Version History
v3.0.0
重大修复:①使用 stock-price-query v1.1.4 混合数据源(港股实时)②三层 EMA20 获取策略(妙想真实数据→历史计算→改进估算)③统一乖离率公式 (price/ema20-1)*100 ④优化评分权重(乖离率 40 分)⑤港股 fallback 机制
v1.0.2
- 增加了“触发场景”说明,包括关键词智能触发和定时报告支持
- 删除 .clawhub/config.json 配置文件
- 精简和优化 Skill 描述,补充了定时任务与报告、持仓分析等使用场景
- 非核心功能和实现细节未变,输出模板与指标体系保持一致
v1.0.1
Initial release.
- 提供多指标股票/基金入场分析工具,结合乖离率(BIAS)、均线、MACD、RSI、成交量、主力资金流、估值等 7 大类指标综合判断买入时机
- 支持标准化输出模板(单只/多只标的均支持),清晰展示评分、信号明细及操作建议
- 集成 stock-price-query、stock-market-pro、eastmoney-tools 数据源
- 附带详细评分体系与脚本 calc_bias.py 用于乖离率计算
- 明确使用说明、注意事项及风险提示
v1.0.0
Initial release: 多指标股票入场分析工具,基于乖离率 (BIAS) 为核心,结合均线/MACD/RSI/成交量/资金流/估值等 7 大类指标综合评分
Metadata
Frequently Asked Questions
What is Stock Entry Analyzer?
多指标股票入场分析工具。基于乖离率 (BIAS) 为核心,结合均线/MACD/RSI/成交量/资金流/估值等 7 大类指标,综合判断股票或基金是否适合买入。使用 stock-price-query、stock-market-pro、eastmoney-tools 获取数据,输出检查清单和综合评分。当用户询问"XX... It is an AI Agent Skill for Claude Code / OpenClaw, with 152 downloads so far.
How do I install Stock Entry Analyzer?
Run "/install stock-entry-analyzer" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.
Is Stock Entry Analyzer free?
Yes, Stock Entry Analyzer is completely free, licensed under MIT-0. You can download, install and use it at no cost.
Which platforms does Stock Entry Analyzer support?
Stock Entry Analyzer is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).
Who created Stock Entry Analyzer?
It is built and maintained by LiuLi (@liuli4); the current version is v3.0.0.
More Skills