功能描述

Analyze listed company financials to detect 21 fraud risk indicators with severity ratings and cross-validation for accounting anomalies and governance issues.

使用说明 (SKILL.md)

Financial Risk Scanner

Name: Financial Risk Scanner for Listed Companies
Author: laigen

Scan listed company financial statements for potential fraud signals and accounting anomalies using Tushare data APIs.

Quick Start

python3 scripts/analyze_company.py \x3Cts_code>

Example:

python3 scripts/analyze_company.py 000001.SZ

Workflow

Fetch Financial Data: Retrieve 10+ years of annual financial statements (balance sheet, income statement, cash flow statement) via Tushare
Calculate Risk Metrics: Compute 21 risk indicators with historical trend analysis
Cross-validate: Check company announcements for supporting evidence when anomalies detected
Generate Report: Produce structured risk assessment with severity ratings and recommendations

Risk Indicators

Category	Indicator	Detection Criteria
Asset Reality	Cash-Debt Paradox	Cash > 15% assets + Interest-bearing debt > 30% assets
	Receivables Anomaly	Receivables growth >> Revenue growth
	Inventory Anomaly	Inventory growth >> COGS growth
	Prepayments Surge	Prepayments > 5% assets without business rationale
	Other Receivables High	Other receivables > 5% net assets
	Construction Suspended	Construction long uncompleted or excessive
Profit Quality	Cash-Profit Divergence	High profit + Negative operating cash flow (3+ years)
	Gross Margin Anomaly	GM far above peers or rising persistently
	Sales Expense Anomaly	Sales expense ratio far below peers
	Abnormal Non-recurring	Non-recurring items > 30% of profit
	Asset Impairment Bath	One-time large impairment charges
Related Party	Related Transaction High	Related purchase/sales > 30%
	Related Fund Flows	Related party in other receivables/payables high
	Related Guarantees	External guarantees > 50% net assets
Capital Structure	Goodwill High	Goodwill > 30% net assets
	Debt Ratio High	Debt ratio > 70% and rising
	Short-term Liquidity	Short-term debt / Cash > 3x
	Dual Debt High	Long + Short debt high with cash strain
Audit & Governance	Auditor Changes	Consecutive auditor changes
	Non-standard Opinion	Audit opinion with emphasis or reservation
	Executive Departures	CFO/Board secretary frequent changes

Key Metrics Formulas

Cash-Debt Paradox Ratio = (Cash / Total Assets) × (Interest Debt / Total Assets)
Cash-Profit Ratio = Operating Cash Flow / Net Profit (threshold: \x3C 0.5 for 3+ years)
Receivables Growth Ratio = Receivables Growth Rate / Revenue Growth Rate
Inventory Turnover Ratio = COGS / Average Inventory
Gross Margin = (Revenue - COGS) / Revenue
Debt Ratio = Total Liabilities / Total Assets
Liquidity Pressure = Short-term Borrowing / Cash Balance

References

For detailed detection logic and thresholds, see references/risk_indicators.md.

Cross-Validation Sources

When anomalies are detected, cross-validate with:

Company announcements (via Tushare announcement API)
Audit reports in annual reports
Regulatory filings and enforcement notices
News and media coverage

Output Format

Reports are saved to ~/.openclaw/workspace/memory/financial-risk/\x3Ccompany_name>_\x3Cdate>.md

Report sections:

Company Overview: Basic info, industry, listing date
Risk Summary: Total risks, severity distribution, top concerns
Detailed Analysis: Each indicator with historical trend charts
Cross-validation: Supporting evidence from announcements
Recommendations: Priority actions and monitoring points

Severity Levels

Level	Symbol	Criteria
Critical	🔴	Multiple indicators triggered, strong fraud signals
High	🟠	Single strong indicator or 3+ moderate signals
Moderate	🟡	Anomaly detected but needs verification
Low	🟢	Minor concern, monitor periodically

Environment Variables

Variable	Required	Description
`TUSHARE_TOKEN`	✅ Yes	Tushare Pro API Token for Chinese A-share market data

How to obtain TUSHARE_TOKEN:

Register at https://tushare.pro/register
Get your token from the user center
Set environment variable:
```
export TUSHARE_TOKEN="your_token_here"
```

Python Dependencies

Package	Version	Purpose
`tushare`	>=1.2.0	A-share market data API
`pandas`	>=1.3.0	Data manipulation and analysis

Install dependencies:

pip install tushare pandas

Notes

Annual data preferred for stability; quarterly available for recent trends
Industry comparison essential for margin and expense analysis
Historical context matters: 10+ years for trend significance

Limitations

Limitation	Description
API Token Required	Requires a Tushare Pro API token to fetch data
Market Scope	Only supports Chinese A-share market listed companies
Historical Data	Limited to last 10 years of financial data
Related Party Data	Transaction data with related parties requires manual verification from annual report notes
Industry Comparison	Some industry metrics may not have sufficient peer data for comparison

Data Sources

Source	Type	Description
Tushare Pro API	Primary	Chinese A-share financial data, market data, and announcements

Provenance

Field	Value
Author	laigen
License	MIT
Homepage	https://clawhub.ai/skills/financial-risk-scanner
Registry	ClawHub

安全使用建议

What to check before installing or running this skill: - Metadata mismatch: the registry metadata claims no required env vars but SKILL.md and the code require a TUSHARE_TOKEN. Do not assume the skill needs no credentials — it does. Ask the publisher to correct the registry metadata. - TUSHARE_TOKEN is sensitive: it grants access to a paid data API tied to your account. Use a dedicated/limited API token (or trial account) rather than your primary account token. Monitor API usage/quota to avoid unexpected charges. - Inspect the repo yourself (you have the Python files). The code is readable and the network calls are to tushare.pro via the tushare client; there are no obvious obfuscated endpoints. If you are not comfortable reading code, run it in an isolated environment (VM or container) and with a test token first. - Files written to disk: reports are saved under ~/.openclaw/workspace/memory/financial-risk/. If you are concerned about data persistence or leakage, change the output path or run in a disposable environment. - API quota and batch mode: example scripts include batch analysis and loops over peer lists — these can consume large numbers of API calls. If you run batch analyses, throttle requests and watch your Tushare rate limits/quotas to avoid denial-of-service or unexpected billable usage. - Trust and provenance: the skill source and homepage shown in the registry are minimal/unknown. Prefer skills with a verifiable homepage, published repository, or known author. Ask the owner for source repository link or sign-off. If the owner provides corrected registry metadata (listing TUSHARE_TOKEN) and a verifiable homepage or repository, the inconsistencies would be resolved and confidence in the package would increase. If you can't validate the publisher, run the code only in a sandbox and use a token with limited access.

功能分析

Type: OpenClaw Skill Name: financial-risk-scanner Version: 1.0.4 The financial-risk-scanner bundle is a legitimate tool designed to analyze Chinese A-share market data for accounting anomalies. It uses the Tushare Pro API to fetch financial statements and implements 21 specific risk calculation logics (e.g., cash-debt paradox, inventory anomalies) within 'scripts/risk_calculator.py'. The code is well-structured, lacks any form of obfuscation, and does not contain any evidence of data exfiltration, unauthorized network calls, or malicious prompt injection instructions. All file operations are restricted to the local workspace for report generation in 'scripts/report_generator.py'.

能力评估

ℹ Purpose & Capability

The name/description (financial fraud/risk scanning) align with the included Python scripts and use of Tushare + pandas. The code implements fetching balancesheets, income, cashflow, indicators, computing 21 risk metrics, and generating Markdown reports — all consistent with the stated purpose. Minor inconsistency: the registry metadata provided to you lists no required environment variables, but the SKILL.md and code clearly require a TUSHARE_TOKEN; that mismatch is unexplained and notable.

✓ Instruction Scope

SKILL.md and the scripts confine runtime actions to: calling the Tushare API, computing indicators, cross-validating with announcements/news via Tushare, and writing Markdown reports to ~/.openclaw/workspace/memory/financial-risk/. There are no instructions to read unrelated local files, access other credentials, or contact arbitrary external endpoints beyond Tushare. The skill supports batch analysis, which can cause high-volume API usage but is consistent with its analysis purpose.

✓ Install Mechanism

No install spec is present (instruction-only from platform perspective), and included code is plain Python using standard public packages (tushare, pandas). There are no downloads from unknown URLs, no extract/install steps, and no packaging that would place binaries in unusual locations. The lack of an install script means a user must install Python deps manually before running the scripts.

⚠ Credentials

The code and SKILL.md require a single sensitive credential: TUSHARE_TOKEN (Tushare Pro API token) which is appropriate and necessary for fetching Chinese A-share financial data. However, the registry metadata (presented in the evaluation header) stated 'Required env vars: none' — this discrepancy is problematic because a user could install/enable the skill without realizing it will request and transmit a paid/privileged API token. No other unrelated secrets (AWS, GitHub, etc.) are requested.

✓ Persistence & Privilege

The skill does not request always:true, does not modify other skills, and does not require elevated system privileges. It writes reports to a subdirectory under the user's home (~/.openclaw/workspace/memory/financial-risk), which is within expected behavior for a reporting tool. Autonomous invocation (model-invocation enabled) is the platform default and is not by itself a new risk here.

版本历史

v1.0.4

- No functional or documentation changes in this version. - Version bump only; skill.json updated.

v1.0.3

- Added author, license, and homepage metadata to skill definition. - Expanded environment variable details with scope and usage clarification. - Added "Limitations", "Data Sources", and "Provenance" sections to documentation. - Clarified requirement for Tushare Pro API token and market coverage. - No core functionality changes.

v1.0.2

- Updated internal metadata in skill.json; no user-facing changes or new features.

v1.0.1

- Added skill manifest (skill.json) for improved discoverability and configuration. - Updated documentation to specify required environment variables and Python dependencies. - Clarified how to obtain and set up the necessary Tushare API token. - Enhanced setup instructions, including installation of dependencies and environmental requirements.

v1.0.0

- Initial release of financial-risk-scanner. - Scans listed company financial statements for 21 types of potential financial fraud risks and accounting anomalies. - Fetches 10+ years of company data via Tushare APIs and calculates historical risk metrics. - Generates a comprehensive risk report with severity ratings, cross-validation from announcements, and actionable recommendations. - Supports input of a single stock code and outputs structured markdown reports.

元数据

Slug financial-risk-scanner

版本 1.0.4

许可证 MIT-0

累计安装 0

当前安装数 0

历史版本数 5

常见问题