← 返回 Skills 市场

A Stock Evening

Name: A Stock Evening
Author: chrislzg

作者 chrislzg · GitHub ↗ · v1.0.0 · MIT-0

cross-platform ⚠ suspicious

总下载

当前安装

版本数

在 OpenClaw 中安装

/install a-stock-evening

功能描述

Sends a daily 15:10 summary of A-share closing data including index changes, volume, hot sectors, and main capital flow via Feishu.

使用说明 (SKILL.md)

A股收盘报告

每个A股交易日 15:10 通过飞书发送当日收盘情况总结，包含主力资金状况。

触发条件

时间：每交易日 15:10（周一至周五）
时区：Asia/Shanghai
注意：节假日需额外判断

内容

上证指数、深证成指、创业板指、沪深300 涨跌幅
涨跌分布统计（上涨/下跌/平盘）
主力资金状况（重点）
- 主力资金净流入/净流出
- 主力资金净流入板块 Top 5
- 主力资金净流出板块 Top 5
热门板块
成交额
操作建议

实现

使用东方财富股票 API 获取实时数据：

指数: https://push2.eastmoney.com/api/qt/ulist.np/get
行业资金流向: https://push2.eastmoney.com/api/qt/clist/get (fid=f62 主力资金)
涨跌统计: https://push2.eastmoney.com/api/qt/ulist.np/get (f104/f105/f106)

发送

通过 OpenClaw 飞书通道发送给用户。

使用方法

# 仅生成报告
node scripts/closing-summary.mjs

# 生成并发送到飞书
node scripts/closing-summary.mjs --send

Cron 定时任务

设置每天 15:10 执行（OpenClaw 会自动判断是否为交易日）：

openclaw cron add "10 15 * * 1-5" --skill a-stock-evening -- --send

安全使用建议

This skill appears to do what it says (fetch EastMoney data and send a closing report via Feishu), but there are two things to consider before installing: - Command injection risk: the script builds a shell command with execSync and interpolates the whole report into it. Although it escapes quotes/newlines, other shell metacharacters from the fetched data could allow command execution. Prefer a safer send mechanism (use an API/client library or execFile with args) or robustly escape all shell metacharacters. - Hardcoded recipient: the script contains a fixed Feishu user id. Confirm this id is intended; otherwise modify the script to accept a configured recipient (via a declared setting or env var) to avoid sending reports to the wrong person. Other practical checks: ensure the openclaw CLI will be available in the runtime environment, and consider running the skill in a constrained environment (limited privileges) until you review and, if needed, patch the script to remove shell execution and make the recipient configurable.

功能分析

Type: OpenClaw Skill Name: a-stock-evening Version: 1.0.0 The skill contains a shell injection vulnerability in `scripts/closing-summary.mjs` where data fetched from external APIs (Eastmoney) is passed to `execSync` with insufficient sanitization (only double quotes and newlines are escaped, leaving shell metacharacters like backticks or dollar signs vulnerable). Additionally, the script hardcodes a specific Feishu user ID (`ou_d70ce91dc6fdd7aa7ceacb1c312618a0`), which causes the report to be sent to a fixed recipient rather than the user executing the skill, deviating from the behavior described in `SKILL.md`.

能力评估

ℹ Purpose & Capability

Name/description align with implementation: the script fetches A‑share data from EastMoney endpoints, builds a report, and sends via the OpenClaw Feishu channel. The network endpoints used (eastmoney push2 APIs) are consistent with the stated data sources. One unexpected element: the script hardcodes a Feishu user id (feishuUserId = 'ou_d70ce91dc6fdd7aa7ceacb1c312618a0'), which may not be appropriate for all users and is not explained in SKILL.md.

⚠ Instruction Scope

SKILL.md stays within scope (fetch data, format report, send via Feishu). However the runtime script uses child_process.execSync to run a shell command (openclaw message send) with a dynamically generated message interpolated into the command string. The code only escapes double quotes and newlines, leaving other shell metacharacters (e.g., $(...), ``, ;, & ) unescaped — if any API response field contains crafted content this could result in shell command execution. The script also assumes openclaw CLI presence and uses a hardcoded recipient id, which may leak messages to an unexpected third party.

✓ Install Mechanism

Instruction-only skill with a single included script; there is no install spec, no external archive downloads, and no packages installed by the skill itself. This is a low-risk install footprint.

ℹ Credentials

The skill declares no required environment variables or credentials. It relies on the OpenClaw CLI to handle Feishu delivery (so OpenClaw credentials are used implicitly). That is proportionate, but users should be aware the script will run with whatever OpenClaw/agent identity is available and will send messages under that identity. The hardcoded Feishu user id is not declared and may be inappropriate.

✓ Persistence & Privilege

The skill is not always:true and does not request system-wide changes. It does invoke the openclaw CLI to send messages (normal for this purpose). It does not modify other skills or system-wide configs.

如何使用

确保已安装 OpenClaw（本地或 Docker 部署）
在对话框中输入安装命令：/install a-stock-evening
安装完成后，直接呼叫该 Skill 的名称或使用 /a-stock-evening 触发
根据 Skill 的参数说明提供必要输入，即可获得结构化输出

版本历史

v1.0.0

A股收盘报告 v1.0.0 – 首次发布 - 每个A股交易日 15:10 自动总结当日收盘情况并通过飞书发送 - 报告涵盖主要指数涨跌幅、涨跌分布、主力资金流向和热门板块 - 聚焦主力资金净流入/净流出及分行业Top 5板块 - 提供成交额信息与操作建议 - 支持命令行生成与发送报告，可结合定时任务自动推送

元数据

Slug a-stock-evening

版本 1.0.0

许可证 MIT-0

累计安装 0

当前安装数 0

历史版本数 1

常见问题

A Stock Evening 是什么？

Sends a daily 15:10 summary of A-share closing data including index changes, volume, hot sectors, and main capital flow via Feishu. 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件，目前累计下载 65 次。

如何安装 A Stock Evening？

在 OpenClaw 或 Claude Code 对话框中运行命令「/install a-stock-evening」即可一键安装，无需额外配置。

A Stock Evening 是免费的吗？

是的，A Stock Evening 完全免费，采用 MIT-0 许可证，可自由下载、安装和使用。

A Stock Evening 支持哪些平台？

A Stock Evening 跨平台运行，可在任意部署了 OpenClaw / Claude Code 的环境中使用（cross-platform）。

谁开发了 A Stock Evening？

由 chrislzg（@chrislzg）开发并维护，当前版本 v1.0.0。