基于历史技术指标验证,实时扫描筛选处于上升趋势初期的潜力股票,评分≥60分为重点关注标的。
Security Analysis
medium confidenceThe package appears to implement the stated trend-scanner/backtest functionality, but the SKILL.md and registry metadata omit important runtime requirements and the code contains hard-coded local paths and network calls — the pieces are internally inconsistent and need clarification before use.
The name/description promise a 'real-time trend launch scanner', but the repository contains many backtest and utility scripts focused on historical analysis and batch backtests (multiple backtest_*.py, top5_backtest, etc.). The code relies on external market-data APIs (baostock and Tencent web API) and writes/reads data under hard-coded Windows paths (e.g., C:/Users/Administrator/.qclaw/workspace-ag01/data/trend_scan), yet the skill metadata and SKILL.md do not declare those dependencies, data sources, or required filesystem access. That mismatch (light-weight README vs. heavyweight code assumptions) is a coherence concern.
SKILL.md gives a simple runtime instruction (python trend_scanner.py) and high-level descriptions of modules, but does not document that many scripts will: (a) make network requests to external APIs (baostock, Tencent), (b) require multiple Python libraries (pandas, numpy, requests, baostock) and (c) read/write files under specific absolute paths. Several scripts call bs.login()/bs.logout(), hit web.ifzq.gtimg.cn, and save JSON to DATA_DIR. The runtime instructions are incomplete and omit file/network actions that materially affect privacy and environment.
No install spec is provided (instruction-only), so nothing is packaged/installed automatically. However, the code clearly requires third-party Python packages (pandas, numpy, baostock, requests, possibly others) which are not declared. This is not an immediate supply-chain red flag (no arbitrary download URLs or extract operations), but it is an operational omission: users need to pip-install dependencies manually or the scripts will fail.
The skill declares no required environment variables or credentials, and the code does not appear to expect secrets. However, it does perform network requests to public market-data endpoints (baostock, Tencent) and uses hard-coded filesystem locations under C:/Users/Administrator/.qclaw; those absolute paths may unintentionally read or overwrite local datasets. The absence of any declared config/paths in metadata contrasts with the code's reliance on local directories (DATA_DIR) and specific workspace layout.
Flags show always:false and normal autonomous invocation allowed (default). The skill does not request permanent 'always' inclusion and does not modify other skills. The main elevated behaviors are normal: network I/O and file read/write when executed, which is expected for a backtester but should be noted.
Guidance
Before installing or running this skill: 1) Expect to need Python and packages (pandas, numpy, baostock, requests, etc.) — the SKILL.md/metadata do not list them. 2) Inspect or change the hard-coded DATA_DIR and sys.path entries (they point to C:/Users/Administrator/.qclaw/…), otherwise the scripts may read/write data in those locations or fail on non-Windows systems. 3) The code makes network calls to baostock and Tencent (web.ifzq.gtimg.cn) to fetch market data — ensure you are comfortable allowing those requests. 4) Run the code first in an isolated environment (sandbox or container) so you can observe file I/O and network traffic. 5) Ask the publisher to provide a clear dependency list, configurable data directory, and a concise README describing which scripts are intended for real-time scanning vs. offline backtesting. If you need this skill to run inside a restricted environment (no network or no file writes), request a version that documents and parameterizes those behaviors.
Latest Release
v1.1.0
v1.1.0: 统一评分v3.2(RSI重构+超跌加成),扫描池扩至620只,支持行业分散输出,添加退市股二次过滤
Popular Skills
Published by @jayden-zhong on ClawHub
