← Back to Skills Marketplace
股票全面分析
by
gaoren36-arch
· GitHub ↗
· v2.1.0
· MIT-0
258
Downloads
0
Stars
0
Active Installs
1
Versions
Install in OpenClaw
/install gaoren-stock-advanced
Description
股票全面分析 v2.1 - 港股/美股/A股 + 富途数据源 + 技术指标 + 综合报告(7大板块)
README (SKILL.md)
Stock Analyst - 智能股票分析系统 v2.1
简介
智能股票分析助手,支持港股、美股和A股实时行情查询,采用富途(Futu)作为主要数据源,确保数据准确可靠。
数据源说明
港股数据 (推荐)
- 主要数据源: 富途牛牛 (futunn.com)
- 数据特点: 实时准确,经过验证
- URL格式: https://www.futunn.com/stock/{code}-HK
美股数据
- 数据源: Finnhub API
- 备用: 富途牛牛
A股数据
- 数据源: 腾讯财经API
功能特性
1. 实时行情 (富途核实)
- 当前价格、涨跌幅
- 总市值、市盈率
- 52周高低点
- 资金流向
2. 技术指标
- RSI(14)、MACD
- 均线(MA5/10/20)
- 支撑位/阻力位
3. 分析师评级
- 强力推荐/买入/持有/卖出比例
- 目标价(最高/平均/最低)
- 上涨空间计算
4. 综合报告 (7大板块)
- 基本信息
- 实时行情
- 技术指标
- 同类公司对比
- 行业背景
- 综合判断
- 操作建议
支持的股票代码
港股 (5位数代码)
| 股票 | 代码 |
|---|---|
| 波司登 | 03998 |
| 平安好医生 | 01833 |
| 众安在线 | 06060 |
| 京东物流 | 02618 |
| 腾讯 | 00700 |
| 阿里巴巴 | 09988 |
| 美团 | 03690 |
美股 (英文代码)
| 股票 | 代码 |
|---|---|
| 京东 | JD |
| 阿里巴巴 | BABA |
| 特斯拉 | TSLA |
| 苹果 | AAPL |
| 英伟达 | NVDA |
A股 (6位数代码)
| 股票 | 代码 |
|---|---|
| 中国石油 | 601857 |
| 贵州茅台 | 600519 |
| 宁德时代 | 300750 |
| 比亚迪 | 002594 |
使用方式
直接对话分析港股
分析 03998 波司登
查一下01833
分析港股 00700
命令行
python analyze_stock.py 03998
响应示例
=================================================================
波司登 (03998.HK) 全面分析报告
=================================================================
【基本信息】
股票名称: 波司登国际控股有限公司
股票代码: 03998.HK
行业: 服装/羽绒服
【实时行情】
当前价格: HK$4.13
涨跌额: +HK$0.04 (+0.98%)
总市值: HK$482.53亿
市盈率TTM: 12.33
【技术指标】
日涨跌幅: +0.98% (小幅上涨)
距目标价: +39% (HK$5.74)
【同类公司对比】
(服装板块对比数据)
【行业背景】
羽绒服高端化趋势
国产品牌崛起
【综合判断】
分析师: 强力推荐 91.43%
评分: 70/100
【操作建议】
评级: 建议买入
目标价: HK$5.74
止损: HK$3.80
=================================================================
版本历史
- v2.1.0: 新增富途数据源,港股数据准确可靠
- v2.0.0: 整合技术指标和新闻分析
- v1.0.0: 初始版本,支持港股/美股行情查询
Usage Guidance
Key issues to consider before installing or running this skill:
- Hard-coded API key: Multiple source files include a plain-text Finnhub API key. This is undocumented in the manifest and could be someone else's key. Do NOT assume it's safe or private — ask the author to remove it and require users to provide their own FINNHUB_API_KEY via environment variables.
- Undeclared environment variables: Some scripts read FINNHUB_API_KEY and test_longbridge.py reads LONGBRIDGE_ACCESS_TOKEN. The skill's requires.env lists none. Confirm which API tokens you must supply and prefer env vars over embedded keys.
- Network calls to third parties: The code queries endpoints beyond well-known providers (e.g., ai.6551.io for news). Verify these endpoints' trustworthiness and privacy policy before running as they will see your requests and any tokens you supply.
- Runnable test/debug scripts: Several debug/test files (company_info.py, test_*.py, debug_*.py) perform network I/O on import/run and print data. Only run the specific main script you trust (e.g., analyze_stock.py) and review other scripts first.
- Secret hygiene & provenance: Ask the author for provenance of the included API key and for an explanation why it was embedded. If you must run the skill, do so in a sandboxed environment and rotate any keys you use. Prefer to set FINNHUB_API_KEY in your environment rather than relying on the package's hard-coded token.
- Minimal steps to reduce risk: (1) Inspect and remove/replace hard-coded keys in the code; (2) run only the intended script(s) in a network‑restricted sandbox until you confirm endpoints; (3) request the author to document required env vars and endpoints in SKILL.md; (4) verify third-party endpoints (ai.6551.io, qt.gtimg.cn, futunn.com, finnhub.io, eastmoney) are acceptable for your data/usage policy.
If you want, I can point to the exact files/lines that contain the hard-coded key and list all external URLs the package contacts so you can review them more easily.
Capability Analysis
Type: OpenClaw Skill
Name: gaoren-stock-advanced
Version: 2.1.0
The skill bundle contains a hardcoded Finnhub API key (d6nucg1r01qse5qn5e90d6nucg1r01qse5qn5e9g) across multiple files, including analyze_stock.py, report_v2.py, and jd_logistics.py, which is a significant credential exposure vulnerability. Additionally, the bundle is cluttered with numerous 'debug' and 'test' scripts (e.g., debug_news.py, test_longbridge.py, find_jd_code.py) that interact with various third-party endpoints like ai.6551.io and attempt to access environment variables, representing an unvetted and poorly sanitized attack surface.
Capability Assessment
Purpose & Capability
Name/description (stock analysis for HK/US/A shares) matches the code and SKILL.md: scripts fetch quotes, compute indicators and summarize news. Required binaries (python, curl) are appropriate.
Instruction Scope
SKILL.md emphasizes using Futu via browser and lists python/curl, but the shipped Python files perform many direct network requests (qt.gtimg.cn, finnhub.io, ai.6551.io, searchapi.eastmoney.com, api.longbridgeapp.com, hq.sinajs.cn). Several debug/test scripts and some modules perform network I/O at import/run time (e.g., company_info.py prints data immediately). The SKILL.md does not declare or document the embedded API token(s) or some of these third‑party endpoints; that grants the code broad network access beyond the simple browser link guidance.
Install Mechanism
No install spec is present (instruction-only plus code files). No external binaries or archive downloads are staged by an installer — lower install risk. However, the repository contains runnable Python scripts which will execute network calls when run.
Credentials
Code contains a hard-coded Finnhub API key string ('d6nucg1r01qse5qn5e90d6nucg1r01qse5qn5e9g') appearing in multiple files, yet SKILL.md/requires.env declare no credentials. Some scripts also reference environment variables (FINNHUB_API_KEY, LONGBRIDGE_ACCESS_TOKEN) but these are not documented in the skill manifest. Hard-coded keys in distributed code are a secret-management and provenance concern: you may be using someone else's key (rate limits, billing, or revoked keys), and it reveals a credential in plain text inside the package.
Persistence & Privilege
Skill is not always:true, is user-invocable, and does not request persistent system privileges or edit other skills. There is no evidence it modifies system-wide configs; privilege level is typical for a user-run script.
How to Use
- Make sure OpenClaw is installed (local or Docker)
- Run the install command in chat:
/install gaoren-stock-advanced - After installation, invoke the skill by name or use
/gaoren-stock-advanced - Provide required inputs per the skill's parameter spec and get structured output
Version History
v2.1.0
**港股分析支持升级,数据更加权威。**
- 新增富途(Futu)为主要数据源,确保港股行情准确可靠
- 港股分析报告和行情各项核心数据实时核实自富途
- 代码和说明文档同步更新,详列支持代码与使用示例
- 版本号更新至2.1.0
Metadata
Frequently Asked Questions
What is 股票全面分析?
股票全面分析 v2.1 - 港股/美股/A股 + 富途数据源 + 技术指标 + 综合报告(7大板块). It is an AI Agent Skill for Claude Code / OpenClaw, with 258 downloads so far.
How do I install 股票全面分析?
Run "/install gaoren-stock-advanced" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.
Is 股票全面分析 free?
Yes, 股票全面分析 is completely free, licensed under MIT-0. You can download, install and use it at no cost.
Which platforms does 股票全面分析 support?
股票全面分析 is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).
Who created 股票全面分析?
It is built and maintained by gaoren36-arch (@gaoren36-arch); the current version is v2.1.0.
More Skills