Scan Report
15 /100
akshare-stock-analysis
Professional stock analysis skill using AKShare data + technical indicators + sector rotation + portfolio diagnosis
Legitimate stock analysis skill using documented public APIs with no undeclared capabilities or malicious behavior detected.
Safe to install
Skill appears safe for use. Consider pinning dependency versions for production stability.
Findings 2 items
| Severity | Finding | Location |
|---|---|---|
| Low | Dependencies without version pinning | SKILL.md:18 |
| Info | requests library not declared in documentation | scripts/akshare_cli.py:9 |
| Resource | Declared | Inferred | Status | Evidence |
|---|---|---|---|---|
| Filesystem | NONE | NONE | — | No file operations in code |
| Network | READ | READ | ✓ Aligned | HTTP GET to qt.gtimg.cn and akshare API |
| Shell | NONE | NONE | — | No subprocess or shell execution |
| Environment | NONE | NONE | — | No os.environ access |
2 findings
Medium External URL 外部 URL
https://qt.gtimg.cn/q= scripts/akshare_cli.py:19 Info Email 邮箱地址
[email protected] SKILL.md:5 File Tree
2 files · 14.1 KB · 441 lines Python 1f · 232L
Markdown 1f · 209L
├─
▾
scripts
│ └─
akshare_cli.py
Python
└─
SKILL.md
Markdown
Dependencies 4 items
| Package | Version | Source | Known Vulns | Notes |
|---|---|---|---|---|
akshare | * | pip | No | No version constraint, uses --upgrade flag |
pandas | * | pip | No | Not pinned |
numpy | * | pip | No | Not pinned |
requests | * | pip | No | Used directly, not documented as dependency |
Security Positives
✓ No credential harvesting or sensitive path access (~/.ssh, ~/.aws, .env)
✓ No data exfiltration or suspicious network destinations
✓ No base64 encoding, obfuscation, or hidden payloads
✓ No reverse shell, C2, or malicious code patterns
✓ All network requests go to legitimate financial data APIs (Tencent, East Money)
✓ No subprocess or shell command execution
✓ Code is straightforward and matches documented functionality