Scan Report
0 /100
a-share-skill
A股数据综合分析 — 查询实时行情、历史数据、技术指标、事件、资金面与个股行业信息
A legitimate A-share stock market data query skill with no malicious behavior. All network access is to documented financial data sources (Sina, Tencent, EastMoney, Xueqiu, akshare), dependencies are standard data analysis packages, and no shell execution, credential access, or obfuscation was found.
Safe to install
This skill is safe to use. No security concerns identified.
| Resource | Declared | Inferred | Status | Evidence |
|---|---|---|---|---|
| Filesystem | NONE | READ | ✓ Aligned | fetch_stock_events.py:67 reads/writes stock_name_map.json in cache dir |
| Network | READ | READ | ✓ Aligned | All scripts make HTTP GET requests to financial APIs |
| Shell | NONE | NONE | — | No subprocess/os.system/os.popen calls found |
| Environment | NONE | NONE | — | No os.environ iteration or reading |
| Skill Invoke | NONE | NONE | — | N/A |
| Clipboard | NONE | NONE | — | N/A |
| Browser | NONE | NONE | — | N/A |
| Database | NONE | NONE | — | N/A |
25 findings
Medium External URL 外部 URL
https://dang-invest.com/api/market/news?limit=N&offset=M references/api-reference.md:59 Medium External URL 外部 URL
https://dang-invest.com/api/market/boards/summary?mode=industry&limit=N&sort=sortKey references/api-reference.md:69 Medium External URL 外部 URL
https://dang-invest.com/api/market/boards/detail?mode=industry&groupKey=KEY&sort=sortKey&items_limit=N&items_offset=M references/api-reference.md:76 Medium External URL 外部 URL
http://web.ifzq.gtimg.cn/appstock/app/fqkline/get?param= scripts/Ashare.py:9 Medium External URL 外部 URL
http://ifzq.gtimg.cn/appstock/app/kline/mkline?param= scripts/Ashare.py:20 Medium External URL 外部 URL
http://money.finance.sina.com.cn/quotes_service/api/json_v2.php/CN_MarketData.getKLineData?symbol= scripts/Ashare.py:39 Medium External URL 外部 URL
https://money.finance.sina.com.cn/quotes_service/api/json_v2.php/CN_MarketData.getKLineData scripts/fetch_history_fallback.py:33 Medium External URL 外部 URL
https://web.ifzq.gtimg.cn/appstock/app/fqkline/get scripts/fetch_history_fallback.py:34 Medium External URL 外部 URL
https://qt.gtimg.cn/q= scripts/fetch_history_fallback.py:35 Medium External URL 外部 URL
https://hq.sinajs.cn/list= scripts/fetch_history_fallback.py:36 Medium External URL 外部 URL
https://push2.eastmoney.com/api/qt/stock/get scripts/fetch_history_fallback.py:37 Medium External URL 外部 URL
https://emweb.eastmoney.com/PC_HSF10/CompanySurvey/CompanySurveyAjax scripts/fetch_history_fallback.py:40 Medium External URL 外部 URL
https://push2.eastmoney.com/api/qt/clist/get scripts/fetch_history_fallback.py:41 Medium External URL 外部 URL
http://vip.stock.finance.sina.com.cn/quotes_service/api/json_v2.php/Market_Center.getHQNodeStockCount scripts/fetch_history_fallback.py:45 Medium External URL 外部 URL
http://vip.stock.finance.sina.com.cn/quotes_service/api/json_v2.php/Market_Center.getHQNodeData scripts/fetch_history_fallback.py:46 Medium External URL 外部 URL
https://finance.eastmoney.com scripts/fetch_history_fallback.py:72 Medium External URL 外部 URL
https://stock.xueqiu.com/v5/stock/chart/kline.json scripts/fetch_history_fallback.py:224 Medium External URL 外部 URL
https://xueqiu.com/S/ scripts/fetch_history_fallback.py:235 Medium External URL 外部 URL
https://ifzq.gtimg.cn/appstock/app/kline/mkline scripts/fetch_realtime.py:50 Medium External URL 外部 URL
https://stock.gtimg.cn/data/index.php scripts/fetch_realtime.py:53 Medium External URL 外部 URL
https://dang-invest.com/api/market/news scripts/fetch_realtime.py:54 Medium External URL 外部 URL
https://dang-invest.com/api/market/boards/summary scripts/fetch_realtime.py:55 Medium External URL 外部 URL
https://dang-invest.com/api/market/boards/detail scripts/fetch_realtime.py:56 Medium External URL 外部 URL
https://finance.sina.com.cn/ scripts/fetch_realtime.py:929 Medium External URL 外部 URL
https://push2.eastmoney.com/api/qt/slist/get scripts/fetch_sector_info.py:133 File Tree
9 files · 157.4 KB · 4172 lines Python 7f · 3838L
Markdown 2f · 334L
├─
▾
references
│ └─
api-reference.md
Markdown
├─
▾
scripts
│ ├─
Ashare.py
Python
│ ├─
fetch_history_fallback.py
Python
│ ├─
fetch_history.py
Python
│ ├─
fetch_realtime.py
Python
│ ├─
fetch_sector_info.py
Python
│ ├─
fetch_stock_events.py
Python
│ └─
fetch_technical.py
Python
└─
SKILL.md
Markdown
Dependencies 5 items
| Package | Version | Source | Known Vulns | Notes |
|---|---|---|---|---|
akshare | * | pip | No | Version not pinned but is a widely-used, reputable A-share data library |
pandas | * | pip | No | Version not pinned; standard data analysis library |
numpy | * | pip | No | Version not pinned; standard numerical library |
requests | * | pip | No | Version not pinned; standard HTTP library |
MyTT | * | pip | No | Version not pinned; technical indicators library |
Security Positives
✓ No shell execution (subprocess/os.system/popen) anywhere in the codebase
✓ No credential harvesting — no access to ~/.ssh, ~/.aws, .env, or API keys
✓ No base64 obfuscation or dynamic code execution (eval/exec/atob)
✓ No C2 communication or data exfiltration patterns
✓ No reverse shell, reverse TCP, or listener logic
✓ No prompt injection instructions hidden in comments or strings
✓ No supply chain risks — akshare/MyTT/pandas/numpy/requests are all standard, well-known data analysis packages
✓ All network requests go to documented, publicly known Chinese financial data APIs (Sina, Tencent, EastMoney, Xueqiu, DangInvest)
✓ Documentation (SKILL.md) accurately describes all capabilities and data sources
✓ Filesystem access is read-only for data fetching; the only write is to a local cache file (stock_name_map.json) within the skill directory
✓ No suspicious IOCs — all external URLs resolve to legitimate financial data endpoints