← Back to Skills Marketplace
121
Downloads
0
Stars
0
Active Installs
3
Versions
Install in OpenClaw
/install stock-push
Description
A股股票定时推送系统。管理盘前推荐(09:20)、收盘复盘(15:05)、次日关注(20:00)三个推送任务,每交易日晚自动发送持仓股行情到微信。当用户提到:股票推送、持仓监控、定时提醒、A股行情,或者需要查询持仓盈亏、复盘信息、次日建议时触发。also triggers when user says "推送"...
Usage Guidance
Do not run the installer or scripts without inspection. Before installing: (1) Open scripts/stock_pre.py, stock_after.py, stock_next.py and change USER_ID to your own WeChat ID (or set it to empty and make the scripts fail-fast). Search the repo for 'USER_ID' and verify no other hardcoded recipients exist. (2) Review HOLDINGS/WATCH_LIST and confirm they contain only your intended tickers — the scripts will send those values off‑device. (3) Avoid piping unknown URLs to bash; download the .skill bundle, inspect it, and extract locally. (4) Be aware install scripts write /etc/cron.d and /etc/logrotate.d as root — if you prefer less privilege, run the Python scripts under a user cron or run them manually. (5) Verify the openclaw message send behavior in a controlled test (use a test USER_ID) so you know where messages go. If you cannot inspect or safely change USER_ID, do not install — leaving the default could send your holdings to a third party.
Capability Analysis
Type: OpenClaw Skill
Name: stock-push
Version: 1.0.2
The skill bundle requires root privileges to install system-level persistence (cron jobs in /etc/cron.d) and log rotation configurations, which is a high-risk operation for an AgentSkill. Additionally, all execution scripts (stock_pre.py, stock_after.py, stock_next.py) contain a hardcoded WeChat USER_ID ('[email protected]'), meaning a user's stock holdings and market data would be sent to the author by default if not manually updated. The installation scripts also employ the 'curl|bash' pattern and use os.system for command execution, increasing the attack surface.
Capability Assessment
Purpose & Capability
Name/description align with delivered files: scripts fetch A‑share quotes from EastMoney and send scheduled messages via the local 'openclaw message send' command. Cron/logrotate configuration and scripts for pre/after/next pushes are coherent with the stated purpose.
Instruction Scope
Runtime instructions and scripts run as system cron jobs and will send your holdings/market data to the configured USER_ID via openclaw. The SKILL.md and installers instruct creating system cron entries and logrotate files; that scope is expected for scheduling but the scripts contain a prefilled USER_ID value that will cause automatic transmission of holdings unless the user edits it — this is a direct data‑exfiltration risk if overlooked.
Install Mechanism
No registry install spec in metadata (instruction-only skill) but the package includes install.sh and scripts/install.py that write files into /root/.openclaw and system locations (/etc/cron.d, /etc/logrotate.d). scripts/install.py will attempt to download a .skill file from a raw GitHub URL (placeholder 'your-repo'). Downloading/unzipping remote archives is moderate risk; install.sh also expects a local .skill file. Beware running curl|bash from an unknown URL and review any downloaded .skill before extracting.
Credentials
The skill does not request environment variables or credentials, but all three scripts include a hardcoded USER_ID (looks like a real wechat id format). If the user does not replace that value the system will send your holdings and derived analyses to that target. This hardcoded recipient is effectively a credential/recipient field and is disproportionate to a safe default (should be blank or explicit fail-unless-configured).
Persistence & Privilege
Installer and install.sh/install.py write persistent system files (cron entries in /etc/cron.d and logrotate in /etc/logrotate.d) and copy code into /root/.openclaw/workspace — these actions require root privileges and create persistent scheduled behavior. This is expected for a cron-based push service but raises the usual risk surface for persistent system modifications.
How to Use
- Make sure OpenClaw is installed (local or Docker)
- Run the install command in chat:
/install stock-push - After installation, invoke the skill by name or use
/stock-push - Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.2
SKILL.md 字段说明更新;history.md 补充 4/21 修复记录
v1.0.1
修复竞价阶段 f44='-' 导致解析失败的问题;新增 f60 备用昨收字段
v1.0.0
首发版本
Metadata
Frequently Asked Questions
What is Stock Push?
A股股票定时推送系统。管理盘前推荐(09:20)、收盘复盘(15:05)、次日关注(20:00)三个推送任务,每交易日晚自动发送持仓股行情到微信。当用户提到:股票推送、持仓监控、定时提醒、A股行情,或者需要查询持仓盈亏、复盘信息、次日建议时触发。also triggers when user says "推送"... It is an AI Agent Skill for Claude Code / OpenClaw, with 121 downloads so far.
How do I install Stock Push?
Run "/install stock-push" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.
Is Stock Push free?
Yes, Stock Push is completely free, licensed under MIT-0. You can download, install and use it at no cost.
Which platforms does Stock Push support?
Stock Push is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).
Who created Stock Push?
It is built and maintained by maizhenn (@maizhenn); the current version is v1.0.2.
More Skills