基于东方财富权威金融数据库,打造覆盖"数据-资讯-知识-分析-决策"全链条的智能问答服务。通过自然语言交互, 为用户提供从基础金融知识科普到专业投资研究支持的全方位解决方案,实现"一问即达"的高效金融信息获取体验。 涵盖七大核心能力:全市场金融数据实时查询(A港美股、基金、债券)、全网财经资讯智能检索(公告、研报...
Security Analysis
high confidenceThe skill is internally consistent: it calls an EastMoney assistant API, only requires a single EM_API_KEY, and the included script and instructions match the described financial-Q&A purpose.
Name/description claim a financial Q&A backed by 东方财富 (EastMoney). The skill requires only EM_API_KEY and the script posts queries to an EastMoney API endpoint — this is proportional and expected for the stated purpose.
Runtime instructions are narrowly scoped: run scripts/generate_answer.py with a question (or read a question from stdin). The script only reads the query (from args or stdin) and the EM_API_KEY env var, then POSTs to the declared API. It does not attempt to read unrelated files or other environment variables.
There is no top-level platform install spec, but SKILL.md includes an openclaw.install entry requesting installation of the Python package 'httpx'. Installing httpx from PyPI is typical for an HTTP client, but users should note the minor discrepancy (platform metadata vs SKILL.md). No arbitrary downloads or extract-from-URL installs are present.
Only a single env var (EM_API_KEY) is required and is used directly by the script as an API key header. No other credentials or unrelated secrets are requested.
Skill does not request always:true or any special persistent privileges. It runs on demand and does not modify other skills or system-wide settings.
Guidance
This skill appears to do what it says, but consider the following before installing: (1) The script will send user queries (and any content you provide) to https://ai-saas.eastmoney.com — verify that this endpoint and the API key provider (EastMoney) are acceptable for your data/ privacy needs. (2) EM_API_KEY is the only credential required; treat it as sensitive: use a scoped/limited key if possible and do not reuse privileged credentials. (3) SKILL.md requests installing the Python httpx package — ensure you install packages from trusted registries in a controlled environment. (4) Avoid sending sensitive PII or confidential data to the remote API, since queries and responses traverse an external service. (5) If you need higher assurance, verify the API provider’s documentation/terms and consider running the skill in an isolated environment or reviewing network traffic to confirm behavior.
Latest Release
v1.0.2
Publish 1.0.2
Popular Skills
Published by @financial-ai-analyst on ClawHub
