← 返回 Skills 市场
港股+A股盯盘系统
作者
merlini0116
· GitHub ↗
· v1.0.0
· MIT-0
113
总下载
0
收藏
0
当前安装
1
版本数
在 OpenClaw 中安装
/install hk-stock-monitor
功能描述
港股+A股实时盯盘系统,支持技术分析、涨跌幅告警、飞书推送。使用场景:(1) 查询港股/A股实时行情,(2) 监控股票涨跌幅告警,(3) 生成技术分析报告,(4) 定时推送盯盘报告。触发关键词:盯盘、股票监控、港股行情、A股行情、涨跌告警、技术分析。
使用说明 (SKILL.md)
港股+A股盯盘系统
实时盯盘 + 技术分析 + 告警推送,专为港股/A股投资者设计。
快速使用
获取实时行情
cd scripts && node monitor.js
输出:16只股票实时行情 + 技术分析 + 操作建议
检查涨跌幅告警
cd scripts && node alert-check.js
- 涨跌幅超过 4.9% 时推送飞书告警
- 每只股票每天最多告警1次
定时监控 (cron)
# 每30分钟运行一次
*/30 9-16 * * 1-5 cd /path/to/scripts && node monitor.js >> /var/log/monitor.log 2>&1
# 每3分钟检查告警
*/3 9-16 * * 1-5 cd /path/to/scripts && node alert-check.js >> /var/log/alert.log 2>&1
监控股票列表
A股 (8只):美的集团、中控技术、工商银行、中国中车、长安汽车、爱尔眼科、宋城演艺、青岛啤酒
港股 (8只):美团-W、阿里巴巴-SW、腾讯控股、吉利汽车、山高控股、华润燃气、顺丰控股、海尔智家
技术分析维度
| 维度 | 说明 |
|---|---|
| 量价关系 | 放量上涨/缩量上涨/放量下跌/缩量下跌 |
| 涨跌位置 | 强势上涨/稳健上涨/小幅下跌/大幅下跌 |
| 委比分析 | 买盘强劲/卖压较重 |
| 振幅分析 | 剧烈波动/正常波动/交投清淡 |
操作建议逻辑
根据综合评分生成:
- 持有/逢低加仓:趋势向好,量价配合
- 观望:方向不明,等待信号
- 减仓/止损:下跌趋势明显
数据源
- 主数据源:新浪财经(免费,无需 API key)
- 备用数据源:QVeris(付费,需 API key)
故障时自动切换,连续失败3次发送告警。
飞书推送配置
编辑 scripts/data-sources.js:
const CONFIG = {
chatId: 'oc_xxx', // 飞书群聊 ID
...
};
Pro 版功能 (订阅 $20/月)
| 功能 | 基础版 | Pro 版 |
|---|---|---|
| 股票数量 | 8只 | 16只 + 自定义 |
| 告警推送 | ❌ | ✅ 飞书/Telegram |
| AI投研 | ❌ | ✅ hk-ai-stock-expert |
| 历史数据 | 7天 | 6个月 |
Pro 版订阅联系作者获取。
文件结构
hk-stock-monitor/
├── SKILL.md
├── scripts/
│ ├── monitor.js # 主监控脚本
│ ├── alert-check.js # 告警检查脚本
│ └── data-sources.js # 数据获取模块
└── references/
└ stocks.md # 股票配置参考
安全使用建议
This skill largely behaves like a stock-monitoring/alerting tool, but take these precautions before installing or running it:
- Do not trust the hard-coded QVeris API key in the source. Treat it as a secret leakage risk; rotate the key if it is yours, or remove it and require the user to supply QVERIS_API_KEY via environment variables.
- The SKILL.md lists no required env vars but the code uses QVERIS_API_KEY. Ask the author to declare required env vars (and remove embedded secrets) or refuse to use the hard-coded default.
- The scripts write state and data to absolute paths under /root/.openclaw/... and /var/log in the suggested cron. Ensure these paths are appropriate for your environment and that you run the scripts with a least-privileged account (do not run as root unless you intend to). Consider changing paths to a dedicated, non-root workspace.
- The code execs an external qveris-official script (node qveris_tool.mjs) by cd'ing into /root/.openclaw/workspace/skills/qveris-official. Verify that file exists and inspect it for malicious behavior before running. If that dependency is not present, the skill shells out to execute code in another skill's workspace — this increases risk.
- The scripts call openclaw message send via child_process.execSync to deliver Feishu messages. Confirm what openclaw message send does in your environment and that the chatId is correct. If you don't want messages sent automatically, remove or stub out sendAlert calls while testing.
- Run the code in an isolated environment (container or VM) first, and review/modify the code to remove hard-coded credentials and absolute paths. Provide QVERIS_API_KEY via environment only if you trust QVeris and have a paid account.
What would change this assessment: if the author published a clear README stating the external qveris dependency, removed the hard-coded API key and declared required env vars, and replaced absolute /root paths with configurable relative paths, the concerns would be largely resolved and the skill would look coherent and lower risk. If you cannot verify or remove the hard-coded key and the external script, treat installation as risky.
功能分析
Type: OpenClaw Skill
Name: hk-stock-monitor
Version: 1.0.0
The skill bundle contains hardcoded sensitive credentials, including a QVeris API key and a specific Feishu Chat ID (oc_c771930429ba9d9683b8a38fe3a9b3f9) in 'data-sources.js' and 'alert-check.js', which could lead to monitoring data being sent to the author's endpoint. Additionally, the scripts use 'execSync' with unsanitized string interpolation to call the OpenClaw CLI and external tools, introducing a high risk of shell injection. While the behavior aligns with the stated stock monitoring purpose, the combination of hardcoded secrets and insecure command execution is highly irregular for a public skill.
能力评估
Purpose & Capability
The name/description (A/HK stock monitoring, alerts, Feishu push) matches the included scripts and runtime behavior: fetching quotes (Sina/QVeris), computing indicators, and sending Feishu messages. Using QVeris as a paid fallback is plausible. Minor concern: the scripts expect a local qveris-official script under the workspace (executes that script), which is an external dependency not mentioned in SKILL.md.
Instruction Scope
SKILL.md instructs running the provided node scripts and cron jobs. The scripts read/write state and data under absolute paths (e.g. /root/.openclaw/workspace/...), call execSync to run the openclaw CLI and an external qveris tool, and send messages via openclaw message send. The SKILL.md does not declare these file paths or that it will execute another skill's script, creating scope creep and implicit permissions to read/write the workspace and execute other code.
Install Mechanism
No install spec (instruction-only) and no downloads — low installation risk. The code will only be written if the user places it in their environment and runs the scripts.
Credentials
The repository metadata declares no required env vars, but the code reads process.env.QVERIS_API_KEY. Worse, a full API key string ('sk-...') is hard-coded as a default in two places. This is an unexpected secret embedded in code and an undeclared credential requirement. The scripts also hard-code Feishu chat IDs. These are disproportionate to the SKILL.md which does not list secrets.
Persistence & Privilege
The skill does not set always:true and is user-invocable (normal). It persists state/data under absolute workspace paths and uses execSync to run other scripts and the openclaw CLI. That means if you run it, it will create files and invoke other local tools — review those locations and permissions first. Executing another skill's script increases blast radius if that script is untrusted.
如何使用
- 确保已安装 OpenClaw(本地或 Docker 部署)
- 在对话框中输入安装命令:
/install hk-stock-monitor - 安装完成后,直接呼叫该 Skill 的名称或使用
/hk-stock-monitor触发 - 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v1.0.0
首次发布
元数据
常见问题
港股+A股盯盘系统 是什么?
港股+A股实时盯盘系统,支持技术分析、涨跌幅告警、飞书推送。使用场景:(1) 查询港股/A股实时行情,(2) 监控股票涨跌幅告警,(3) 生成技术分析报告,(4) 定时推送盯盘报告。触发关键词:盯盘、股票监控、港股行情、A股行情、涨跌告警、技术分析。 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 113 次。
如何安装 港股+A股盯盘系统?
在 OpenClaw 或 Claude Code 对话框中运行命令「/install hk-stock-monitor」即可一键安装,无需额外配置。
港股+A股盯盘系统 是免费的吗?
是的,港股+A股盯盘系统 完全免费,采用 MIT-0 许可证,可自由下载、安装和使用。
港股+A股盯盘系统 支持哪些平台?
港股+A股盯盘系统 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。
谁开发了 港股+A股盯盘系统?
由 merlini0116(@merlini0116)开发并维护,当前版本 v1.0.0。
推荐 Skills