扫描报告
15 /100
akshare-stock-analysis
Professional stock analysis skill using AKShare data + technical indicators + sector rotation + portfolio diagnosis
Legitimate stock analysis skill using documented public APIs with no undeclared capabilities or malicious behavior detected.
可以安装
Skill appears safe for use. Consider pinning dependency versions for production stability.
安全发现 2 项
| 严重性 | 安全发现 | 位置 |
|---|---|---|
| 低危 | Dependencies without version pinning | SKILL.md:18 |
| 提示 | requests library not declared in documentation | scripts/akshare_cli.py:9 |
| 资源类型 | 声明权限 | 推断权限 | 状态 | 证据 |
|---|---|---|---|---|
| 文件系统 | NONE | NONE | — | No file operations in code |
| 网络访问 | READ | READ | ✓ 一致 | HTTP GET to qt.gtimg.cn and akshare API |
| 命令执行 | NONE | NONE | — | No subprocess or shell execution |
| 环境变量 | NONE | NONE | — | No os.environ access |
2 项发现
中危 外部 URL 外部 URL
https://qt.gtimg.cn/q= scripts/akshare_cli.py:19 提示 邮箱 邮箱地址
[email protected] SKILL.md:5 目录结构
2 文件 · 14.1 KB · 441 行 Python 1f · 232L
Markdown 1f · 209L
├─
▾
scripts
│ └─
akshare_cli.py
Python
└─
SKILL.md
Markdown
依赖分析 4 项
| 包名 | 版本 | 来源 | 已知漏洞 | 备注 |
|---|---|---|---|---|
akshare | * | pip | 否 | No version constraint, uses --upgrade flag |
pandas | * | pip | 否 | Not pinned |
numpy | * | pip | 否 | Not pinned |
requests | * | pip | 否 | Used directly, not documented as dependency |
安全亮点
✓ No credential harvesting or sensitive path access (~/.ssh, ~/.aws, .env)
✓ No data exfiltration or suspicious network destinations
✓ No base64 encoding, obfuscation, or hidden payloads
✓ No reverse shell, C2, or malicious code patterns
✓ All network requests go to legitimate financial data APIs (Tencent, East Money)
✓ No subprocess or shell command execution
✓ Code is straightforward and matches documented functionality