← 返回 Skills 市场
股票实时行情分析器
作者
寒武纪智能Cambrian Intelligence
· GitHub ↗
· v1.0.0
· MIT-0
53
总下载
0
收藏
0
当前安装
1
版本数
在 OpenClaw 中安装
/install hitjcl-stock-analyzer
功能描述
A股/港股实时行情查询、基本面分析、深度报告生成与邮件发送一体化工具。触发场景:(1) 用户询问股票价格、市值、PE/PB等数据;(2) 用户要求分析某只或多只股票;(3) 用户要求生成股票分析报告;(4) 用户要求通过邮件发送股票报告。支持AkShare实时行情、聚宽基本面数据、QQ邮箱/Gmail发送。
使用说明 (SKILL.md)
Stock Analyzer - 股票深度分析工具
快速开始
1. 查询实时行情
# 使用 scripts/stock_query.py
python scripts/stock_query.py --codes 03690.HK,300413.SZ,300251.SZ
返回:股价、涨跌幅、成交量、成交额
2. 获取基本面数据
# 需要先配置聚宽账号
python scripts/jq_login.py --phone 18019786011 --password YOUR_PASSWORD
python scripts/stock_fundamentals.py --codes 300413.SZ,300251.SZ
返回:PE、PB、市值、ROE、营收增长率等
3. 生成分析报告
python scripts/generate_report.py --codes 03690.HK,300413.SZ --output report.md
4. 发送邮件
python scripts/send_email.py --to [email protected] --file report.md --auth-code YOUR_AUTH_CODE
工作流程
用户请求 → 解析股票代码 → 获取实时行情 → 获取基本面 → 深度分析 → 生成报告 → 发送邮件
步骤详解
Step 1: 解析股票代码
支持格式:
- 港股:
03690.HK、00772.HK(腾讯股票代码格式) - A股:
300413.SZ、600519.SH(交易所代码格式) - 简写:
美团、芒果超媒(自动匹配代码)
Step 2: 获取实时行情
使用 AkShare 库:
- A股:
ak.stock_zh_a_spot_em() - 港股:
ak.stock_hk_spot_em()
Step 3: 获取基本面数据
使用聚宽 JoinQuant API:
get_fundamentals()获取 PE、PB、市值get_valuation()获取估值历史- 注意:聚宽免费版数据权限有限
Step 4: 深度分析
分析维度:
- 估值分析:PE/PB历史分位、同行业对比
- 趋势分析:近期涨跌幅、成交量变化
- 基本面分析:营收、利润增速、ROE
- 风险提示:异常波动、业绩下滑
Step 5: 生成报告
报告结构(见 references/report_template.md):
- 标题:五大标的买入分析报告
- 摘要:关键结论
- 正文:逐个标的深度分析
- 总结:操作建议
Step 6: 发送邮件
支持:
- QQ邮箱(推荐):smtp.qq.com:465 SSL
- Gmail:smtp.gmail.com:587 STARTTLS
QQ邮箱配置要点:
- 必须使用授权码(非密码)
- 推荐使用 465 端口 SSL
- Python 使用
smtplib.SMTP_SSL
常见问题
Q: 聚宽登录失败?
检查:
- 手机号/密码是否正确
- 账号是否过期(免费版1年有效期)
- 是否有港股数据权限
Q: 邮件发送失败?
常见错误:
Login denied:授权码错误或邮箱地址错误Connection closed:端口选择错误,尝试 465 SSLSMTPAuthenticationError:需要开启 SMTP 服务并生成授权码
Q: AkShare 获取数据失败?
可能原因:
- 网络问题:检查代理设置
- 并发限制:逐个查询而非批量
- 数据源维护:稍后重试
依赖安装
pip install akshare jqdatasdk pandas
文件说明
scripts/
stock_query.py- 实时行情查询stock_fundamentals.py- 基本面数据获取generate_report.py- 报告生成send_email.py- 邮件发送jq_login.py- 聚宽登录配置
references/
report_template.md- 报告模板stock_codes.md- 常用股票代码对照表
使用示例
示例1:查询美团股价
用户:帮我查一下美团的股价
→ 调用 stock_query.py --codes 03690.HK
→ 返回:美团(03690.HK) HK$80.70 (-1.41%)
示例2:分析多只股票
用户:分析一下美团、芒果超媒、光线传媒
→ 调用 stock_query.py 获取行情
→ 调用 stock_fundamentals.py 获取基本面
→ 生成分析报告
示例3:发送报告到邮箱
用户:把报告发到我邮箱
→ 调用 send_email.py --to [email protected] --file report.md
→ 使用 QQ 邮箱 SMTP 发送
安全使用建议
Key things to consider before installing/using this skill:
- Incomplete package: SKILL.md references jq_login.py, stock_fundamentals.py, generate_report.py but only stock_query.py and send_email.py are included. Ask the publisher for the missing scripts or don't use it until complete.
- Avoid passing secrets on the command line. The send_email and JoinQuant examples show passwords and auth codes passed as CLI args — this exposes them to shell history and process listings. Prefer environment variables or interactive prompt, and verify scripts do not log secrets.
- Verify email behavior: send_email.py uses the provided --to address as the sending account (from_email = to_email). Confirm you pass your own email address and correct auth code, or adapt the script to accept distinct sender/recipient to avoid confusion.
- Verify JoinQuant usage: jqdatasdk is listed but no corresponding scripts are present to inspect. Confirm how your JoinQuant credentials are stored and used before supplying them.
- Network & data sources: stock_query.py uses akshare which fetches remote market data. If you proceed, review akshare calls and ensure you trust the data sources.
- If you need to use this, request the missing files from the author and review them for secret handling and external endpoints. If you cannot obtain them, treat the skill as incomplete and avoid running it with real credentials.
功能分析
Type: OpenClaw Skill
Name: hitjcl-stock-analyzer
Version: 1.0.0
The skill bundle provides legitimate stock analysis and email reporting functionality, but contains significant security vulnerabilities that could be exploited. Specifically, 'scripts/send_email.py' accepts a file path via the '--file' argument and reads/sends its content without any path sanitization or validation, which could allow an attacker to exfiltrate sensitive local files via prompt injection. Furthermore, 'SKILL.md' encourages passing sensitive credentials (SMTP auth codes and JoinQuant passwords) as plaintext command-line arguments, which risks exposing them in system process logs or shell history.
能力评估
Purpose & Capability
The SKILL.md claims a full pipeline including JoinQuant login, fundamentals fetching, report generation and mailing. The repository only includes stock_query.py and send_email.py; scripts referenced in the docs (jq_login.py, stock_fundamentals.py, generate_report.py) are missing. The README also asks to install jqdatasdk but there is no code using it in the provided files. This is an incoherence: required capabilities are advertised but not present.
Instruction Scope
Runtime instructions direct the agent/user to run CLI commands that include credentials (e.g., `jq_login.py --phone ... --password YOUR_PASSWORD` and `send_email.py --auth-code ...`). Passing secrets on the command line exposes them via shell history and process lists. The send_email usage in SKILL.md assumes calling --to with the sender's account; the send_email.py implementation sets from_email = to_email (it treats the 'to' argument as the sender account), which is confusing and may cause unexpected authentication failures or mis-sent emails. The stock_query.py does only quote retrieval via akshare (no fundamentals), so following the documented workflow will fail or be incomplete.
Install Mechanism
No install spec is present (instruction-only install), which is lower risk. SKILL.md asks to pip install akshare, jqdatasdk, pandas — those are plausible dependencies for the advertised features. Because some referenced scripts are missing, the promised install+run workflow is incomplete, not evidence of malicious install behavior.
Credentials
The skill declares no required environment variables or credentials, and the included code does not read any env vars. However, the documented workflow requires user credentials (JoinQuant phone/password and email auth codes/app passwords) to be supplied via CLI arguments. Those credentials are relevant to the claimed functionality, but passing them on the command line is unsafe. There are no unrelated credentials requested.
Persistence & Privilege
The skill does not request permanent or elevated privileges. Flags show always:false and no install script that would modify agent/system configuration. The provided scripts do not attempt to persist credentials or alter other skills.
如何使用
- 确保已安装 OpenClaw(本地或 Docker 部署)
- 在对话框中输入安装命令:
/install hitjcl-stock-analyzer - 安装完成后,直接呼叫该 Skill 的名称或使用
/hitjcl-stock-analyzer触发 - 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v1.0.0
首个版本:支持A股/港股实时行情查询、基本面分析、报告生成
元数据
常见问题
股票实时行情分析器 是什么?
A股/港股实时行情查询、基本面分析、深度报告生成与邮件发送一体化工具。触发场景:(1) 用户询问股票价格、市值、PE/PB等数据;(2) 用户要求分析某只或多只股票;(3) 用户要求生成股票分析报告;(4) 用户要求通过邮件发送股票报告。支持AkShare实时行情、聚宽基本面数据、QQ邮箱/Gmail发送。 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 53 次。
如何安装 股票实时行情分析器?
在 OpenClaw 或 Claude Code 对话框中运行命令「/install hitjcl-stock-analyzer」即可一键安装,无需额外配置。
股票实时行情分析器 是免费的吗?
是的,股票实时行情分析器 完全免费,采用 MIT-0 许可证,可自由下载、安装和使用。
股票实时行情分析器 支持哪些平台?
股票实时行情分析器 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。
谁开发了 股票实时行情分析器?
由 寒武纪智能Cambrian Intelligence(@hitjcl)开发并维护,当前版本 v1.0.0。
推荐 Skills