← 返回 Skills 市场
325
总下载
1
收藏
0
当前安装
2
版本数
在 OpenClaw 中安装
/install stock-review-ai
功能描述
A-share market automated review and analysis system, generating daily market insights with Gemini AI, supporting publishing to Hugo blog and WeChat Official...
安全使用建议
This skill generally does what it claims (fetch data, run Gemini analysis, publish to Hugo/WeChat), but there are a couple of important issues to consider before installing or running it:
1) Inspect and fix base_dir in scripts/config.py: it computes base_dir by going four parents up from scripts/config.py, which will likely place data/content directories outside the repository and may write files in unexpected locations. If you install/run, either run it in a controlled sandbox or change base_dir to the repository root (e.g., Path(__file__).parent.parent).
2) Environment loading: the skill auto-loads .env files from multiple locations (project root, skill root, ~/.openclaw/..., XDG config). load_dotenv(..., override=True) may override your system environment variables. Put sensitive keys (Gemini/WeChat) only in a project-scoped .env or pass them explicitly via CLI/CI, and avoid running this code on machines with unrelated secrets in user-level .env files.
3) Metadata mismatch: the registry metadata doesn't list GEMINI/WECHAT env vars even though the skill expects them. Treat GEMINI_API_KEY and WeChat AppID/Secret as required for those features.
4) Run check_env.py first in a safe environment to see what files and directories the skill will create, and consider running the skill inside a container or isolated VM until you're comfortable.
5) If you plan to use WeChat publishing, be aware the code will make network calls to api.weixin.qq.com and upload images/content; only provide WeChat credentials you trust with the tool. For sensitive/commercial data, consider using paid Gemini settings as noted in docs.
If you want, I can show the exact lines in config.py and check_env.py to modify to point base_dir to the repository root, or generate a patch that limits .env loading to the project directory only.
功能分析
Type: OpenClaw Skill
Name: stock-review-ai
Version: 1.0.1
The 'stock-review-ai' skill bundle is a legitimate automated A-share market analysis and reporting tool. It utilizes the 'akshare' library for financial data retrieval, Google Gemini for market sentiment analysis, and official APIs for publishing to Hugo blogs and WeChat Official Accounts. The code structure is transparent, following standard practices for configuration management (scripts/config.py) and logging (scripts/utils/logger.py). No indicators of malicious intent, such as unauthorized data exfiltration, credential theft, or hidden backdoors, were identified.
能力评估
Purpose & Capability
Name/description match the code and instructions: it fetches A‑share data (akshare), calls Gemini via google-genai, and can post to Hugo and WeChat. One mismatch: the registry metadata lists no required env vars, yet SKILL.md and the code clearly expect GEMINI_API_KEY and optional WECHAT_APP_ID/WECHAT_APP_SECRET.
Instruction Scope
SKILL.md instructs running Python scripts and to load .env/config.yaml. The code's config loader will search and load .env from project root, skill root, ~/.openclaw/skills/stock_review/.env, and XDG config dirs and will override environment variables (load_dotenv with override=True). It also writes data and posts to content/data directories. Auto‑loading user-level .env files and writing files outside the local project expands the skill's scope beyond a contained workflow and can unexpectedly surface or override secrets/config.
Install Mechanism
There is no external download/install spec; the skill is instruction/code-only and requires pip installing listed PyPI packages (requirements.txt). No remote archives or URL downloads are used by the install process, which reduces supply‑chain risk.
Credentials
Requested credentials in docs (.env keys GEMINI_API_KEY, WECHAT_APP_ID, WECHAT_APP_SECRET) are proportional to Gemini and WeChat features. However the skill will search multiple .env locations (including user home) and call load_dotenv(override=True), which can override existing environment variables. The registry did not declare these required env vars — a metadata mismatch that users should note.
Persistence & Privilege
The code creates data and content directories and writes posts/drafts to disk. More importantly, config.py sets base_dir using Path(__file__).parent.parent.parent.parent which appears to overshoot the repository root and therefore can create/read/write directories outside the skill's directory (e.g., up two levels). This is likely a bug but results in unexpected filesystem writes outside the skill boundary and increases privilege/persistence risk. The skill is not marked always:true, and it does not modify other skills' configs.
如何使用
- 确保已安装 OpenClaw(本地或 Docker 部署)
- 在对话框中输入安装命令:
/install stock-review-ai - 安装完成后,直接呼叫该 Skill 的名称或使用
/stock-review-ai触发 - 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v1.0.1
update README
v1.0.0
Automated A-share Market Review System Powered by Gemini AI
元数据
常见问题
A-Share Review and Analyse 是什么?
A-share market automated review and analysis system, generating daily market insights with Gemini AI, supporting publishing to Hugo blog and WeChat Official... 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 325 次。
如何安装 A-Share Review and Analyse?
在 OpenClaw 或 Claude Code 对话框中运行命令「/install stock-review-ai」即可一键安装,无需额外配置。
A-Share Review and Analyse 是免费的吗?
是的,A-Share Review and Analyse 完全免费,采用 MIT-0 许可证,可自由下载、安装和使用。
A-Share Review and Analyse 支持哪些平台?
A-Share Review and Analyse 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。
谁开发了 A-Share Review and Analyse?
由 Leo Zhong(@donvink)开发并维护,当前版本 v1.0.1。
推荐 Skills