← 返回 Skills 市场
12996
总下载
6
收藏
163
当前安装
4
版本数
在 OpenClaw 中安装
/install stock-monitor
功能描述
股票价格实时监控。支持多只股票监控,使用 Yahoo Finance API 获取实时股价,自定义涨跌阈值提醒。当股价波动超过设定阈值时自动发送提醒,支持首次预警和续警机制。用于:(1) 监控持仓股票价格波动 (2) 设置价格提醒 (3) 定期检查股价变化
安全使用建议
Review before installing, especially if you expected only Yahoo Finance price alerts. Install only if you are comfortable with scheduled background checks, local portfolio-related state files, Yahoo Finance requests, and the included but under-documented Futu/OpenD script. Do not place brokerage or Futu unlock passwords in the config unless the publisher clearly documents why they are needed, how they are protected, and how to disable or remove that mode.
功能分析
Type: OpenClaw Skill
Name: stock-monitor
Version: 1.3.0
The skill is classified as suspicious due to a potential prompt injection vulnerability identified in the `SKILL.md` file. The `openclaw cron add` command includes a `--message` argument that instructs the AI agent to "运行 python3 ~/.openclaw/workspace/skills/stock-monitor/scripts/stocks_monitor.py 并把输出发给我" (Run python3 ... and send me the output). While the specific command executed here is benign (running the skill's own script), this pattern demonstrates a vulnerability where an attacker could potentially inject arbitrary commands into the agent's execution flow via the `--message` parameter. The Python scripts themselves (e.g., `scripts/stocks_monitor.py`, `scripts/futu_stocks_monitor.py`) appear benign, performing legitimate stock monitoring functions, accessing expected local configuration/state files, and interacting with known financial APIs (Yahoo Finance, local Futu OpenD) without evidence of malicious intent like data exfiltration or unauthorized access.
能力评估
Purpose & Capability
Yahoo Finance price monitoring, local stock configs, alert state, and scheduled checks fit the stated stock-alert purpose. The package also contains futu_stocks_monitor.py, which connects to Futu OpenD and can use an unlock_password; that broker-adjacent capability is not disclosed in SKILL.md and is materially broader than the advertised Yahoo Finance monitor.
Instruction Scope
The documented cron message runs the skill's own stocks_monitor.py and sends its output to Discord, which is purpose-aligned for scheduled alerts. I did not find artifact evidence that the cron instruction itself injects arbitrary commands, but users should understand that it creates repeated automated execution.
Install Mechanism
No installer, shell bootstrap, package download, obfuscation, or destructive setup behavior was present. The artifact is a markdown skill plus Python scripts, but there is no explicit permission manifest scoping file reads/writes, network access, or local Futu service access.
Credentials
Outbound Yahoo Finance requests and local state files are proportionate for stock monitoring and are partly documented. The undisclosed local Futu OpenD connection, configurable host/port, and optional unlock_password handling are not proportionate to a description that only advertises Yahoo Finance quotes.
Persistence & Privilege
The skill documents a five-minute cron job and local alert-state persistence for the main monitor, which is expected for alerts. Additional persistent state for rebalance and Futu monitors is present in code but not clearly documented, and the Futu path may involve sensitive local trading infrastructure credentials.
如何使用
- 确保已安装 OpenClaw(本地或 Docker 部署)
- 在对话框中输入安装命令:
/install stock-monitor - 安装完成后,直接呼叫该 Skill 的名称或使用
/stock-monitor触发 - 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v1.3.0
feat: 新增股票调仓条件单监控功能 - 支持多股票联动条件(如:拼多多涨到 100 且微软跌到 130 时提醒) - 支持重复提醒(可配置连续提醒次数和间隔) - 支持 24 小时冷却期 - 新增 HTML 网页格式输出(中英文对照) - 优化 A 股/港股 9:30 开盘前跳过检查
v1.2.0
feat: 增加 A 股/港股 9:30 开盘前跳过检查功能,避开竞价阶段虚假波动
v1.1.0
优化预警逻辑:只在股价相对上次 alert 价格再波动超 1% 时才续警,避免频繁通知
v1.0.0
初始版本
元数据
常见问题
Stock Monitor 是什么?
股票价格实时监控。支持多只股票监控,使用 Yahoo Finance API 获取实时股价,自定义涨跌阈值提醒。当股价波动超过设定阈值时自动发送提醒,支持首次预警和续警机制。用于:(1) 监控持仓股票价格波动 (2) 设置价格提醒 (3) 定期检查股价变化. 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 12996 次。
如何安装 Stock Monitor?
在 OpenClaw 或 Claude Code 对话框中运行命令「/install stock-monitor」即可一键安装,无需额外配置。
Stock Monitor 是免费的吗?
是的,Stock Monitor 完全免费(开源免费),可自由下载、安装和使用。
Stock Monitor 支持哪些平台?
Stock Monitor 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。
谁开发了 Stock Monitor?
由 大斌(@shengbinxu)开发并维护,当前版本 v1.3.0。
推荐 Skills