扫描报告
0 /100
a-share-skill
A股数据综合分析 — 查询实时行情、历史数据、技术指标、事件、资金面与个股行业信息
A legitimate A-share stock market data query skill with no malicious behavior. All network access is to documented financial data sources (Sina, Tencent, EastMoney, Xueqiu, akshare), dependencies are standard data analysis packages, and no shell execution, credential access, or obfuscation was found.
可以安装
This skill is safe to use. No security concerns identified.
| 资源类型 | 声明权限 | 推断权限 | 状态 | 证据 |
|---|---|---|---|---|
| 文件系统 | NONE | READ | ✓ 一致 | fetch_stock_events.py:67 reads/writes stock_name_map.json in cache dir |
| 网络访问 | READ | READ | ✓ 一致 | All scripts make HTTP GET requests to financial APIs |
| 命令执行 | NONE | NONE | — | No subprocess/os.system/os.popen calls found |
| 环境变量 | NONE | NONE | — | No os.environ iteration or reading |
| 技能调用 | NONE | NONE | — | N/A |
| 剪贴板 | NONE | NONE | — | N/A |
| 浏览器 | NONE | NONE | — | N/A |
| 数据库 | NONE | NONE | — | N/A |
25 项发现
中危 外部 URL 外部 URL
https://dang-invest.com/api/market/news?limit=N&offset=M references/api-reference.md:59 中危 外部 URL 外部 URL
https://dang-invest.com/api/market/boards/summary?mode=industry&limit=N&sort=sortKey references/api-reference.md:69 中危 外部 URL 外部 URL
https://dang-invest.com/api/market/boards/detail?mode=industry&groupKey=KEY&sort=sortKey&items_limit=N&items_offset=M references/api-reference.md:76 中危 外部 URL 外部 URL
http://web.ifzq.gtimg.cn/appstock/app/fqkline/get?param= scripts/Ashare.py:9 中危 外部 URL 外部 URL
http://ifzq.gtimg.cn/appstock/app/kline/mkline?param= scripts/Ashare.py:20 中危 外部 URL 外部 URL
http://money.finance.sina.com.cn/quotes_service/api/json_v2.php/CN_MarketData.getKLineData?symbol= scripts/Ashare.py:39 中危 外部 URL 外部 URL
https://money.finance.sina.com.cn/quotes_service/api/json_v2.php/CN_MarketData.getKLineData scripts/fetch_history_fallback.py:33 中危 外部 URL 外部 URL
https://web.ifzq.gtimg.cn/appstock/app/fqkline/get scripts/fetch_history_fallback.py:34 中危 外部 URL 外部 URL
https://qt.gtimg.cn/q= scripts/fetch_history_fallback.py:35 中危 外部 URL 外部 URL
https://hq.sinajs.cn/list= scripts/fetch_history_fallback.py:36 中危 外部 URL 外部 URL
https://push2.eastmoney.com/api/qt/stock/get scripts/fetch_history_fallback.py:37 中危 外部 URL 外部 URL
https://emweb.eastmoney.com/PC_HSF10/CompanySurvey/CompanySurveyAjax scripts/fetch_history_fallback.py:40 中危 外部 URL 外部 URL
https://push2.eastmoney.com/api/qt/clist/get scripts/fetch_history_fallback.py:41 中危 外部 URL 外部 URL
http://vip.stock.finance.sina.com.cn/quotes_service/api/json_v2.php/Market_Center.getHQNodeStockCount scripts/fetch_history_fallback.py:45 中危 外部 URL 外部 URL
http://vip.stock.finance.sina.com.cn/quotes_service/api/json_v2.php/Market_Center.getHQNodeData scripts/fetch_history_fallback.py:46 中危 外部 URL 外部 URL
https://finance.eastmoney.com scripts/fetch_history_fallback.py:72 中危 外部 URL 外部 URL
https://stock.xueqiu.com/v5/stock/chart/kline.json scripts/fetch_history_fallback.py:224 中危 外部 URL 外部 URL
https://xueqiu.com/S/ scripts/fetch_history_fallback.py:235 中危 外部 URL 外部 URL
https://ifzq.gtimg.cn/appstock/app/kline/mkline scripts/fetch_realtime.py:50 中危 外部 URL 外部 URL
https://stock.gtimg.cn/data/index.php scripts/fetch_realtime.py:53 中危 外部 URL 外部 URL
https://dang-invest.com/api/market/news scripts/fetch_realtime.py:54 中危 外部 URL 外部 URL
https://dang-invest.com/api/market/boards/summary scripts/fetch_realtime.py:55 中危 外部 URL 外部 URL
https://dang-invest.com/api/market/boards/detail scripts/fetch_realtime.py:56 中危 外部 URL 外部 URL
https://finance.sina.com.cn/ scripts/fetch_realtime.py:929 中危 外部 URL 外部 URL
https://push2.eastmoney.com/api/qt/slist/get scripts/fetch_sector_info.py:133 目录结构
9 文件 · 157.4 KB · 4172 行 Python 7f · 3838L
Markdown 2f · 334L
├─
▾
references
│ └─
api-reference.md
Markdown
├─
▾
scripts
│ ├─
Ashare.py
Python
│ ├─
fetch_history_fallback.py
Python
│ ├─
fetch_history.py
Python
│ ├─
fetch_realtime.py
Python
│ ├─
fetch_sector_info.py
Python
│ ├─
fetch_stock_events.py
Python
│ └─
fetch_technical.py
Python
└─
SKILL.md
Markdown
依赖分析 5 项
| 包名 | 版本 | 来源 | 已知漏洞 | 备注 |
|---|---|---|---|---|
akshare | * | pip | 否 | Version not pinned but is a widely-used, reputable A-share data library |
pandas | * | pip | 否 | Version not pinned; standard data analysis library |
numpy | * | pip | 否 | Version not pinned; standard numerical library |
requests | * | pip | 否 | Version not pinned; standard HTTP library |
MyTT | * | pip | 否 | Version not pinned; technical indicators library |
安全亮点
✓ No shell execution (subprocess/os.system/popen) anywhere in the codebase
✓ No credential harvesting — no access to ~/.ssh, ~/.aws, .env, or API keys
✓ No base64 obfuscation or dynamic code execution (eval/exec/atob)
✓ No C2 communication or data exfiltration patterns
✓ No reverse shell, reverse TCP, or listener logic
✓ No prompt injection instructions hidden in comments or strings
✓ No supply chain risks — akshare/MyTT/pandas/numpy/requests are all standard, well-known data analysis packages
✓ All network requests go to documented, publicly known Chinese financial data APIs (Sina, Tencent, EastMoney, Xueqiu, DangInvest)
✓ Documentation (SKILL.md) accurately describes all capabilities and data sources
✓ Filesystem access is read-only for data fetching; the only write is to a local cache file (stock_name_map.json) within the skill directory
✓ No suspicious IOCs — all external URLs resolve to legitimate financial data endpoints