Low risk (risk score 15/100)
Last scanned: 1 day ago
openclaw-tradingview-quant
Professional quantitative investment analysis frameworks and methodologies based on TradingView data structures for stock analysis, technical indicators, market screening, and risk management
This is a pure documentation/methodology skill with no executable code, scripts, or dependencies. The only concern is a misleading documentation claim and a placeholder API key string in SECURITY.md, but no actual malicious behavior is present.
Skill name: openclaw-tradingview-quant
Analysis time: 34.5s
Engine: pi
Can be installed
Update README.md to accurately reflect that API keys ARE needed for real-time data access. Remove or clarify the 'your-actual-key-here' placeholder in SECURITY.md to prevent user confusion.

Security findings: 2

Severity · Finding · Location
Low
Misleading 'No API keys needed' claim (documentation deception)
README.md states 'No API keys needed, no external dependencies' but SECURITY.md instructs users to set API_KEY environment variable for RapidAPI access. This doc-to-code mismatch could confuse users about actual requirements.
🔒 **Safe and Secure** - No API keys needed, no external dependencies
→ Update README.md to accurately state that API keys are optional but recommended for real-time data access, or remove this claim entirely
README.md:14
Low
Placeholder credential string in SECURITY.md (sensitive access)
SECURITY.md line 89 contains 'API_KEY="your-actual-key-here"' which could be mistaken for an actual credential or tempt users to try this exact string. The 'your-actual-key-here' makes it clearly a placeholder.
export RAPIDAPI_KEY="your-actual-key-here"
→ Consider using a clearly fake format like 'YOUR_RAPIDAPI_KEY_HERE' or '<YOUR_KEY>' instead
SECURITY.md:89
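| Resource type | Declared permission | Inferred permission | Status | Evidence |
|---|---|---|---|---|
| File system | NONE | NONE | | No file operations found - pure documentation skill |
| Network access | READ | READ | ✓ Consistent | SKILL.md references RapidAPI endpoints for data structure reference only |
| Command execution | NONE | NONE | | No scripts/ directory, no executable code, no subprocess calls |
| Environment variables | NONE | NONE | | No environment variable access in any file |
| Skill invocation | NONE | NONE | | No skill invocation capabilities |
| Clipboard | NONE | NONE | | No clipboard operations |
| Browser | NONE | NONE | | No browser automation |
| Database | NONE | NONE | | No database operations |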
1 high severity · 35 findings

| Severity | Type | Description | Value | Location |
|---|---|---|---|---|
| High | API key | Suspected hardcoded credential | API_KEY="your-actual-key-here" | SECURITY.md:89 |
| Medium | External URL | External URL | https://img.shields.io/badge/install-skills-blue | README.md:3 |
| Medium | External URL | External URL | https://skills.sh/ljsd666/openclaw-tradingview-quant/openclaw-tradingview-quant | README.md:3 |
| Medium | External URL | External URL | https://img.shields.io/github/stars/ljsd666/openclaw-tradingview-quant?style=social | README.md:4 |
| Medium | External URL | External URL | https://rapidapi.com/hypier/api/tradingview-data1 | README.md:111 |
| Medium | External URL | External URL | https://rapidapi.com | SECURITY.md:57 |
| Medium | External URL | External URL | https://rapidapi.com/terms/ | SECURITY.md:60 |
| Medium | External URL | External URL | https://rapidapi.com/privacy/ | SECURITY.md:61 |
| Medium | External URL | External URL | https://tradingview-data1.p.rapidapi.com/api/price/BINANCE:BTCUSDT?timeframe=1&range=10 | references/api-examples/01-price-data.txt:2 |
| Medium | External URL | External URL | https://www.binance.com/en | references/api-examples/01-price-data.txt:107 |
| Medium | External URL | External URL | https://tradingview-data1.p.rapidapi.com/api/price/batch | references/api-examples/01-price-data.txt:177 |
| Medium | External URL | External URL | https://markets.cboe.com/us/equities/overview/ | references/api-examples/01-price-data.txt:784 |
| Medium | External URL | External URL | https://tradingview-data1.p.rapidapi.com/api/quote/batch | references/api-examples/02-quote-data.txt:2 |
| Medium | External URL | External URL | http://www.apple.com | references/api-examples/02-quote-data.txt:124 |
| Medium | External URL | External URL | https://tradingview-data1.p.rapidapi.com/api/quote/BINANCE:BTCUSDT?session=regular&fields=all | references/api-examples/02-quote-data.txt:180 |
| Medium | External URL | External URL | https://tradingview-data1.p.rapidapi.com/api/search/market/AAPL?filter=stock | references/api-examples/03-market-search.txt:2 |
| Medium | External URL | External URL | https://tradingview-data1.p.rapidapi.com/api/ta/NASDAQ:TSLA/indicators | references/api-examples/04-technical-analysis.txt:2 |
| Medium | External URL | External URL | https://tradingview-data1.p.rapidapi.com/api/ta/NASDAQ:AAPL | references/api-examples/04-technical-analysis.txt:96 |
| Medium | External URL | External URL | https://tradingview-data1.p.rapidapi.com/api/leaderboard/corporate-bonds?columnset=overview&tab=highest-yield&start=0&la... | references/api-examples/05-leaderboards.txt:2 |
| Medium | External URL | External URL | https://tradingview-data1.p.rapidapi.com/api/news/economic?lang=en | references/api-examples/06-news.txt:2 |
| Medium | External URL | External URL | https://tradingeconomics.com/sweden/monthly-gdp-mom | references/api-examples/06-news.txt:109 |
| Medium | External URL | External URL | https://tradingeconomics.com/germany/exports | references/api-examples/06-news.txt:184 |
| Medium | External URL | External URL | https://tradingeconomics.com/lithuania/balance-of-trade | references/api-examples/06-news.txt:204 |
| Medium | External URL | External URL | https://tradingeconomics.com/sweden/new-orders | references/api-examples/06-news.txt:224 |
| Medium | External URL | External URL | https://tradingeconomics.com/commodity/eu-natural-gas | references/api-examples/06-news.txt:257 |
| Medium | External URL | External URL | https://tradingeconomics.com/germany/balance-of-trade | references/api-examples/06-news.txt:277 |
| Medium | External URL | External URL | https://tradingview-data1.p.rapidapi.com/api/metadata/exchanges | references/api-examples/07-metadata.txt:2 |
| Medium | External URL | External URL | https://tradingview-data1.p.rapidapi.com/api/calendar/economic?from=1769356800&to=1769961599&market=america | references/api-examples/08-calendar.txt:2 |
| Medium | External URL | External URL | https://www.chicagofed.org/ | references/api-examples/08-calendar.txt:22 |
| Medium | External URL | External URL | https://www.census.gov/ | references/api-examples/08-calendar.txt:65 |
| Medium | External URL | External URL | https://www.census.gov | references/api-examples/08-calendar.txt:88 |
| Medium | External URL | External URL | https://www.dallasfed.org | references/api-examples/08-calendar.txt:177 |
| Medium | External URL | External URL | http://www.treasurydirect.gov | references/api-examples/08-calendar.txt:197 |
| Medium | External URL | External URL | https://tradingview-data1.p.rapidapi.com/logo?url=apple&big=false | references/api-examples/09-logo.txt:2 |
| Medium | External URL | External URL | https://tradingview-data1.p.rapidapi.com/api/... | references/api-examples/README.md:32 |

Directory structure

35 files · 214.1 KB · 7291 lines
Markdown 26f · 5063L Text 9f · 2228L
├─ 📁 references
│ ├─ 📁 api-examples
│ │ ├─ 📄 01-price-data.txt Text 890L · 25.8 KB
│ │ ├─ 📄 02-quote-data.txt Text 235L · 8.0 KB
│ │ ├─ 📄 03-market-search.txt Text 100L · 2.8 KB
│ │ ├─ 📄 04-technical-analysis.txt Text 147L · 4.1 KB
│ │ ├─ 📄 05-leaderboards.txt Text 200L · 5.8 KB
│ │ ├─ 📄 06-news.txt Text 300L · 9.6 KB
│ │ ├─ 📄 07-metadata.txt Text 150L · 3.6 KB
│ │ ├─ 📄 08-calendar.txt Text 200L · 7.9 KB
│ │ ├─ 📄 09-logo.txt Text 6L · 210 B
│ │ └─ 📝 README.md Markdown 45L · 1.4 KB
│ ├─ 📝 api-documentation.md Markdown 606L · 22.7 KB
│ ├─ 📝 api-tools-guide.md Markdown 191L · 7.2 KB
│ ├─ 📝 china-a-stock-examples.md Markdown 98L · 2.0 KB
│ ├─ 📝 pattern-library.md Markdown 632L · 13.5 KB
│ ├─ 📝 risk-management.md Markdown 703L · 14.7 KB
│ ├─ 📝 technical-analysis.md Markdown 348L · 9.6 KB
│ └─ 📝 us-stock-examples.md Markdown 341L · 6.9 KB
├─ 📁 workflows
│ ├─ 📝 calendar-tracking.md Markdown 96L · 2.9 KB
│ ├─ 📝 deep-stock-analysis.md Markdown 132L · 3.5 KB
│ ├─ 📝 event-analysis.md Markdown 132L · 4.4 KB
│ ├─ 📝 exchange-overview.md Markdown 98L · 2.9 KB
│ ├─ 📝 fundamental-screening.md Markdown 122L · 3.3 KB
│ ├─ 📝 market-review.md Markdown 137L · 3.3 KB
│ ├─ 📝 multi-symbol-analysis.md Markdown 89L · 2.7 KB
│ ├─ 📝 multi-timeframe-analysis.md Markdown 108L · 3.6 KB
│ ├─ 📝 news-briefing.md Markdown 91L · 2.4 KB
│ ├─ 📝 pattern-recognition.md Markdown 117L · 3.7 KB
│ ├─ 📝 realtime-monitor.md Markdown 88L · 2.4 KB
│ ├─ 📝 risk-assessment.md Markdown 129L · 4.1 KB
│ ├─ 📝 sector-rotation.md Markdown 122L · 3.5 KB
│ ├─ 📝 smart-screening.md Markdown 115L · 3.3 KB
│ └─ 📝 symbol-search.md Markdown 72L · 1.9 KB
├─ 📝 README.md Markdown 221L · 9.2 KB
├─ 📝 SECURITY.md Markdown 121L · 4.2 KB
└─ 📝 SKILL.md Markdown 109L · 6.9 KB

Security highlights

✓ No executable code or scripts present - purely documentation-based skill
✓ No credential harvesting or exfiltration mechanisms
✓ No obfuscated code or base64 payloads
✓ No supply chain risks (no dependencies to attack)
✓ Good prompt injection awareness in SKILL.md (news content sanitization section)
✓ Comprehensive security policy documentation for API key handling
✓ Legitimate external URLs point to known services (RapidAPI, TradingView)
✓ No hidden functionality - all behavior is documentation and analysis methodology