← Back to Skills Marketplace
Global Financial Downloader
by
cgxxxxxxxxxxxx
· GitHub ↗
· v2.3.0
· MIT-0
117
Downloads
0
Stars
1
Active Installs
7
Versions
Install in OpenClaw
/install global-financial-downloader
Description
全球财报智能下载器 v2.2。自动识别市场(A 股/港股/美股),自动选择爬虫。港股使用东方财富+同花顺 API,无需认证。美股外国公司(ADR)自动使用 20-F/6-K 替代 10-K/10-Q。subprocess 替代 os.system,错误检查+输出捕获。支持 --dry-run 预览、下载后自动验证。
README (SKILL.md)
When to Use
- Download financial reports from global markets (A-shares, HK, US)
- Automatically identify market from stock code
- Batch download annual/interim/quarterly reports
- Support both stock codes and company names
Quick Start
Download Single Company
# Use stock code (recommended - supports all companies)
python3 /root/.openclaw/workspace/skills/global-financial-downloader/downloader.py \
600519 --from=2020 --to=2026 --type=年报 --pdf
# Use company name (predefined companies only)
python3 /root/.openclaw/workspace/skills/global-financial-downloader/downloader.py \
贵州茅台 --from=2020 --to=2026 --pdf
Batch Download
# Create a script for batch download
cat > download_all.sh \x3C\x3C 'EOF'
#!/bin/bash
stocks=("600519 贵州茅台" "00700 腾讯" "AAPL 苹果")
for stock in "${stocks[@]}"; do
code=$(echo $stock | cut -d' ' -f1)
python3 /root/.openclaw/workspace/skills/global-financial-downloader/downloader.py \
$code --from=2020 --to=2024 --pdf
done
EOF
chmod +x download_all.sh
./download_all.sh
Parameters
| Parameter | Description | Default | Example |
|---|---|---|---|
stock |
Stock code or company name | Required | 600519, 贵州茅台, AAPL |
--from |
Start year | 2020 | --from=2020 |
--to |
End year | 2025 | --to=2026 |
--type |
Report type | 年报 | 年报, 中报, 10-K, 10-Q |
--pdf |
Download PDF files | No | --pdf |
--no-pdf |
Skip PDF download | No | --no-pdf |
Supported Markets
A-Shares (China)
| Code | Name (CN) | Name (EN) |
|---|---|---|
| 600519 | 贵州茅台 | kweichow_moutai |
| 000858 | 五粮液 | wuliangye |
| 601318 | 中国平安 | ping_an_insurance |
| 600036 | 招商银行 | china_merchants_bank |
| ... | ... | ... |
Use stock code for ANY A-share company!
Hong Kong
| Code | Name (CN) | Name (EN) |
|---|---|---|
| 00700 | 腾讯 | tencent |
| 09988 | 阿里巴巴 | alibaba |
| 03690 | 美团 | meituan |
| 01810 | 小米 | xiaomi |
| ... | ... | ... |
港股数据源 (v2.0 更新):
| 数据源 | API | 说明 |
|---|---|---|
| 东方财富 | np-anotice-stock.eastmoney.com |
完整报告最多,22 份年报 (2005-2025) |
| 同花顺 | basic.10jqka.com.cn/basicapi/notice/pub |
补充东方财富缺失年份 |
| 披露易 | www1.hkexnews.hk |
兜底 |
港股代码自动转换: 700/0700/00700/HK0700 自动适配各平台格式。
US Stocks
| Code | Name (CN) | Name (EN) |
|---|---|---|
| AAPL | 苹果 | apple |
| MSFT | 微软 | microsoft |
| GOOGL | 谷歌 | alphabet |
| AMZN | 亚马逊 | amazon |
| NVDA | 英伟达 | nvidia |
| ... | ... | ... |
Use stock code for ANY US company!
Report Types
A-Shares / HK
| Type | Parameter | Description |
|---|---|---|
| 年报 | 年报, annual |
Annual Report |
| 中报 | 中报, interim |
Interim Report |
| 季报 | 季报, quarterly |
Quarterly Report |
| 全部 | 全部, all |
All Reports |
US Stocks
| Type | Parameter | Description |
|---|---|---|
| 年报 | 10-K, 年报 |
Annual Report (10-K) |
| 季报 | 10-Q, 季报 |
Quarterly Report (10-Q) |
| 全部 | all, 全部 |
All Reports |
Output Files
/root/.openclaw/workspace/exports/
├── cninfo_{name}/ # A-shares
│ ├── cninfo_{code}.json
│ ├── cninfo_{code}.csv
│ └── pdfs/
├── hkex_{name}/ # HK
│ ├── hkex_{name}_financial.json
│ ├── hkex_{name}_financial.csv
│ └── financial_pdfs/
└── sec_{name}/ # US
├── sec_{code}_{type}.json
├── sec_{code}_{type}.csv
└── pdfs/
Examples
Example 1: Download Moutai Annual Reports
python3 /root/.openclaw/workspace/skills/global-financial-downloader/downloader.py \
600519 --from=2020 --to=2026 --type=年报 --pdf
Example 2: Download Tencent Reports
python3 /root/.openclaw/workspace/skills/global-financial-downloader/downloader.py \
00700 --from=2020 --to=2026 --pdf
Example 3: Download Apple 10-K
python3 /root/.openclaw/workspace/skills/global-financial-downloader/downloader.py \
AAPL --from=2020 --to=2026 --type=10-K --pdf
Example 4: Download All Reports (No PDF)
python3 /root/.openclaw/workspace/skills/global-financial-downloader/downloader.py \
贵州茅台 --type=全部 --no-pdf
Technical Details
Market Identification
- 6-digit code starting with 6/0: A-shares
- 5-digit code starting with 0: HK stocks
- Letter code: US stocks
- Company name: Lookup in mapping table
Report Type Mapping
| Input | A-Shares | HK | US |
|---|---|---|---|
| 年报/annual | annual | financial | 10-K |
| 中报/interim | interim | financial | 10-Q |
| 季报/quarterly | regular | quarterly | 10-Q |
| 全部/all | regular | financial | all |
Configuration
Add New Companies
Edit /root/.openclaw/workspace/skills/global-financial-downloader/stock_mapping.json:
{
"cn_stocks": {
"stocks": [
["股票代码", "中文名称", "英文名称"],
["601318", "中国平安", "ping_an_insurance"]
]
}
}
Supported Companies
Predefined: 204 companies (50 A-shares, 51 HK, 100 US)
All companies: Use stock code for ANY company!
Troubleshooting
Issue: Company Not Recognized
Solution: Use stock code instead of company name
# ❌ May not work for undefined companies
python3 downloader.py 某公司 --pdf
# ✅ Always works
python3 downloader.py 600XXX --pdf
Issue: PDF Download Failed
Solution: Check network and disk space
Issue: No Reports Found
Solution: Expand year range or check report type
Related Files
- Main Script:
/root/.openclaw/workspace/skills/global-financial-downloader/downloader.py - Stock Mapping:
/root/.openclaw/workspace/skills/global-financial-downloader/stock_mapping.json - HK Downloader:
/root/.openclaw/workspace/skills/hk-financial-downloader/scripts/hk_downloader.py - Output:
/root/.openclaw/workspace/archive/
Update Log
| Version | Date | Changes |
|---|---|---|
| 2.2.0 | 2026-04-12 | 美股 ADR 支持 ⭐⭐ |
| - 美股外国公司自动使用 20-F/6-K(~50 家公司) | ||
| - 本土公司继续用 10-K/10-Q | ||
| - 外国公司列表:中概股+加拿大+欧洲+日本+拉美 | ||
| - SEC 爬虫 v2.0:CIK 缓存扩展 + 自动搜索 | ||
| 2.1.0 | 2026-04-12 | 6 项修复 ⭐ |
| - subprocess 替代 os.system(错误检查 + 输出捕获) | ||
| - 报告类型大小写保护(10-k → 10-K) | ||
| - market key 大小写修复(HK→hk) | ||
| - 港股 report type 映射修复(financial → 年报/中报/季报) | ||
| - --dry-run 预览模式 | ||
| - 下载后自动验证结果 | ||
| 2.0.0 | 2026-04-12 | 港股重构 ⭐⭐⭐ |
- 替换 hkex_auto_scraper_v3.py → hk_financial_downloader |
||
| - 数据源:东方财富 + 同花顺 API(无需认证) | ||
| - 自动代码格式转换 (700/0700/00700/HK0700) | ||
| - 完整报告优先于业绩公告 | ||
| - 移除 playwright 依赖 | ||
| 1.0.0 | 2026-04-03 | 初始版本 |
Author
Created by 玄武 🐢 Version: 2.2.0 Last Updated: 2026-04-12
Usage Guidance
This skill appears to implement the described functionality, but there are important caveats to consider before running it:
1) External script dependency: downloader.py calls other scripts using hardcoded absolute paths under /root/.openclaw (e.g. hk_downloader, sec_edgar_scraper, cninfo_api_scraper). Those files are not part of this skill bundle. Confirm those scripts exist and review them — the downloader will likely invoke them and they determine a lot of runtime behavior.
2) Shell command / injection risk: the script uses subprocess.run(..., shell=True) to execute commands. If any user-supplied values (stock codes, names, flags) are concatenated into shell command strings, an attacker could perform command injection. Inspect the rest of downloader.py for where command strings are built and ensure arguments are passed as argument lists (no shell) or properly escaped/sanitized.
3) Hardcoded paths and root workspace: examples and code use /root/.openclaw and suggest creating /usr/local/bin wrappers. Avoid running these as root or on production hosts. Prefer executing in an isolated environment (container/VM) and run with least privilege.
4) Data scope and side effects: the tool reads/writes files under the workspace and exports directory. If you have sensitive files in those directories, run the skill isolated. The SKILL.md encourages editing mapping JSONs inside the skill — ensure those edits are intentional.
5) Sloppy/data issues: mapping file contains duplicate entries (e.g., 600519 appears more than once with different English names). This is a sign of limited QA — review behavior when mapping duplicates occur.
Recommendations before installing/running:
- Inspect the full downloader.py and any invoked external scripts for command construction, network endpoints, credential handling, and file I/O.
- If you plan to run it, do so in an isolated environment (container) and start with --dry-run and --no-pdf to observe behavior without downloading artifacts.
- Do not run as root; run under an unprivileged user and limit filesystem/network access if possible.
- If you cannot review the external scripts the downloader calls, treat this as higher risk and avoid running it on sensitive systems.
What would change this assessment: if the skill bundle included all required scrapers (no external hardcoded script paths) and the code constructed subprocess calls safely (using argument lists or strict sanitization), I would downgrade to benign. Conversely, finding direct use of unsanitized user input in shell command strings or hidden remote upload endpoints would raise the severity.
Capability Analysis
Type: OpenClaw Skill
Name: global-financial-downloader
Version: 2.3.0
The skill bundle contains a significant shell injection vulnerability in `downloader.py`. The script uses `subprocess.run(shell=True)` to execute commands where the `--type` parameter is taken directly from user input and appended to a command string without sanitization if it does not match a predefined mapping. While the tool's stated purpose of downloading financial reports appears legitimate and no evidence of intentional malice or data exfiltration was found, the use of unsafe shell execution on unsanitized input poses a high security risk.
Capability Assessment
Purpose & Capability
The name/description suggest a self-contained downloader. The code only declares python3 as a requirement, but downloader.py hardcodes and calls other scripts located outside the skill directory (e.g. /root/.openclaw/workspace/skills/hk-financial-downloader/scripts/hk_downloader.py and /root/.openclaw/workspace/scripts/sec_edgar_scraper.py). That means the skill is not actually standalone and implicitly depends on other tools/assets that are not declared. This mismatch is unexpected and could be fragile or abused.
Instruction Scope
SKILL.md instructs running the script with absolute paths under /root/.openclaw and to edit files under the skill workspace. The Python code uses a run_command implementation that calls subprocess.run(..., shell=True) and prints/forwards stdout/stderr. If user inputs (stock codes/names/flags) are interpolated into shell commands later in the script (likely, given the external-script invocation pattern), this creates command-injection risk. The instructions also encourage creating global wrappers and running as root paths, which increases blast radius if something goes wrong.
Install Mechanism
No install spec (instruction-only + included code) — lower install risk. However, the skill expects other scripts in other workspace locations instead of shipping them or declaring them as dependencies; relying on external files from hardcoded locations is an installation/integration risk (missing files can cause runtime fallback behavior or attempts to call unrelated system scripts).
Credentials
The skill requests no environment variables or credentials, which is proportionate to its described purpose. However, it reads/writes files under /root/.openclaw/workspace and /root/.openclaw/workspace/exports and expects other scripts under /root/.openclaw/workspace/scripts and other skill directories — this implicit filesystem access should be considered when assessing where it will run and what data it can touch.
Persistence & Privilege
always is false and the skill does not request elevated persistent privileges. It writes outputs under the workspace export paths by design. There is no evidence it modifies other skills' configurations or requests permanent inclusion.
How to Use
- Make sure OpenClaw is installed (local or Docker)
- Run the install command in chat:
/install global-financial-downloader - After installation, invoke the skill by name or use
/global-financial-downloader - Provide required inputs per the skill's parameter spec and get structured output
Version History
v2.3.0
- Update version to 2.3.0 in documentation.
- No other functional or content changes; documentation otherwise unchanged.
v2.2.2
No file changes detected in this release.
- Version updated to 2.2.2 with no code or documentation changes.
- All features and documentation remain the same as v2.2.0.
v2.2.1
- Added support for downloading reports through 2026 (updated default end year and usage examples)
- Adjusted documentation to reflect updated year range for parameters and commands
- No breaking changes; core functionality and APIs remain the same
v2.2.0
美股 ADR 支持:外国公司自动使用 20-F/6-K(~50 家公司),本土公司继续用 10-K/10-Q;SEC 爬虫 v2.0 扩展 CIK 缓存
v2.1.0
6项修复:subprocess替代os.system、报告类型大小写保护、market key修复、港股type映射、dry-run模式、自动验证结果
v2.0.0
港股重构:东方财富+同花顺 API,自动代码格式转换,完整报告优先,移除 playwright 依赖
v1.0.0
Global Financial Downloader 1.0.0 – Initial Release
- Download financial reports for A-shares, Hong Kong, and US stocks using either stock codes or company names.
- Automatically detects market and selects the correct data source and parser.
- Supports batch downloading of annual, interim, and quarterly reports in CSV, JSON, and PDF formats.
- Flexible command-line tool with parameters for year range, report type, and PDF options.
- Output organized by market and type for easy access and further analysis.
Metadata
Frequently Asked Questions
What is Global Financial Downloader?
全球财报智能下载器 v2.2。自动识别市场(A 股/港股/美股),自动选择爬虫。港股使用东方财富+同花顺 API,无需认证。美股外国公司(ADR)自动使用 20-F/6-K 替代 10-K/10-Q。subprocess 替代 os.system,错误检查+输出捕获。支持 --dry-run 预览、下载后自动验证。 It is an AI Agent Skill for Claude Code / OpenClaw, with 117 downloads so far.
How do I install Global Financial Downloader?
Run "/install global-financial-downloader" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.
Is Global Financial Downloader free?
Yes, Global Financial Downloader is completely free, licensed under MIT-0. You can download, install and use it at no cost.
Which platforms does Global Financial Downloader support?
Global Financial Downloader is cross-platform and runs anywhere OpenClaw / Claude Code is available (linux, darwin, win32).
Who created Global Financial Downloader?
It is built and maintained by cgxxxxxxxxxxxx (@cgxxxxxxxxxxxx); the current version is v2.3.0.
More Skills