← 返回 Skills 市场
553
总下载
0
收藏
4
当前安装
1
版本数
在 OpenClaw 中安装
/install quant-stock-picker-pro
功能描述
AI-powered stock screening tool for Chinese A-shares. Daily picks using multi-factor analysis (fundamentals + technical + sentiment). Use when user asks abou...
安全使用建议
This skill appears to implement the described stock‑screening features, but there are several red flags you should consider before installing or running it: 1) The main script injects a hardcoded user path (/Users/…/workspace/scripts) into Python's import path — this can cause the skill to import arbitrary local code on your machine; 2) It clears HTTP_PROXY/HTTPS_PROXY and sets NO_PROXY='*', which can bypass proxy/monitoring setups and is unnecessary for normal operation; 3) It imports or references an anti‑scraping library (Scrapling / StealthyFetcher), indicating aggressive scraping behavior; 4) SKILL.md mentions config files and other scripts that are not present in the package (e.g., scripts/config.py, market_executor.py), suggesting the package may be incomplete or inconsistent. Recommendations: only run this in an isolated environment (sandbox / VM), inspect and remove the sys.path insertion and proxy overrides before use, avoid running pip installs from unknown sources without reviewing packages, and confirm the skill's author/origin. If you plan to use it with real accounts or sensitive network environments, do not install until these issues are resolved.
功能分析
Type: OpenClaw Skill
Name: quant-stock-picker-pro
Version: 1.0.0
The skill bundle contains hardcoded absolute paths to a specific user's home directory ('/Users/liangjiahao/') in 'scripts/quant-stock-picker-ultimate-integrated.py', which is a significant security risk and functional flaw for a shared bundle. The main script also explicitly disables system proxies (HTTP_PROXY/HTTPS_PROXY), a technique often used to bypass network monitoring. While these appear to be unintentional developer errors or aggressive optimization rather than clear malware, the combination of hardcoded paths and network bypasses warrants a suspicious classification.
能力评估
Purpose & Capability
Name/description (A‑share multi‑factor screener) align with the code: scripts fetch market data, compute factors, and produce recommendations. However SKILL.md references config/scripts (e.g., scripts/config.py, risk_backtest.py, market_executor.py) that are not present in the manifest — this mismatch suggests incomplete packaging or sloppy docs. Overall capability is reasonable for the stated purpose, but missing files and unrealistic model metrics (F1 0.54%) are odd.
Instruction Scope
Runtime instructions and code perform wide network scraping (Sina, EastMoney, AkShare, web scraping of '股吧') and call external APIs. The SKILL.md instructs adding a cron job and pip installing dependencies — normal — but the actual scripts manipulate environment proxies (clearing HTTP_PROXY/HTTPS_PROXY and setting NO_PROXY='*') and the main script inserts a hardcoded absolute path (/Users/liangjiahao/.openclaw/workspace/scripts) into sys.path before importing modules. Those actions go beyond straightforward data collection and could be used to bypass network controls or import local/hidden code.
Install Mechanism
No formal install spec in registry (instruction‑only); SKILL.md recommends pip installing common data science and data packages (pandas, xgboost, akshare, efinance). This is expected for a Python quant tool. Because installation is manual (pip), risk is moderate — user must vet packages before pip install. No downloads from unknown URLs were observed.
Credentials
The skill declares no required environment variables or credentials, which is reasonable. But the code forcibly clears proxy environment variables (HTTP_PROXY, HTTPS_PROXY) and sets NO_PROXY='*' at runtime — this is disproportionate and suspicious because it alters agent/network behavior without a clear, legitimate reason. The script also inserts a hardcoded user path into sys.path which could cause imports to load arbitrary modules from the user's filesystem.
Persistence & Privilege
The skill does not request always:true and does not declare modifications to other skills or system configs. It asks users to add a cron job via an openclaw command in SKILL.md, which is a normal scheduling step but requires user action. Autonomous invocation is allowed (platform default) but not by itself a concern here.
如何使用
- 确保已安装 OpenClaw(本地或 Docker 部署)
- 在对话框中输入安装命令:
/install quant-stock-picker-pro - 安装完成后,直接呼叫该 Skill 的名称或使用
/quant-stock-picker-pro触发 - 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v1.0.0
Quant Stock Picker Pro 1.0.0 – initial release
- Launch of an AI-powered stock screening tool focused on Chinese A-shares.
- Supports daily stock picks using multi-factor analysis (fundamental, technical, sentiment).
- Incorporates news and social sentiment data alongside traditional financial indicators.
- Features built-in risk controls and customization for selection strategies and factor weights.
- Provides results in markdown report format with top stock recommendations and risk disclosures.
元数据
常见问题
Quant Stock Picker Pro 是什么?
AI-powered stock screening tool for Chinese A-shares. Daily picks using multi-factor analysis (fundamentals + technical + sentiment). Use when user asks abou... 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 553 次。
如何安装 Quant Stock Picker Pro?
在 OpenClaw 或 Claude Code 对话框中运行命令「/install quant-stock-picker-pro」即可一键安装,无需额外配置。
Quant Stock Picker Pro 是免费的吗?
是的,Quant Stock Picker Pro 完全免费(开源免费),可自由下载、安装和使用。
Quant Stock Picker Pro 支持哪些平台?
Quant Stock Picker Pro 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。
谁开发了 Quant Stock Picker Pro?
由 ERIC961(@eric961)开发并维护,当前版本 v1.0.0。
推荐 Skills