扫描报告
5 /100
justice-plutus
Local A-share analysis with Markdown/JSON reports, optional Feishu notifications, and optional iFinD enhancement
A legitimate local A-share analysis skill that executes documented shell commands to run a Python-based stock analysis pipeline.
可以安装
Approve for use. The skill is well-documented and performs only declared local analysis operations.
| 资源类型 | 声明权限 | 推断权限 | 状态 | 证据 |
|---|---|---|---|---|
| 命令执行 | WRITE | WRITE | ✓ 一致 | scripts/run_analysis.sh:72 - "$python_cmd" -m justice_plutus "$@" |
| 网络访问 | READ | READ | ✓ 一致 | SKILL.md declares optional API keys for search/notification providers |
| 文件系统 | WRITE | WRITE | ✓ 一致 | SKILL.md:30 - writes reports/YYYY-MM-DD/stocks/ outputs |
| 环境变量 | READ | READ | ✓ 一致 | scripts/run_analysis.sh:49 - reads API keys for LLM provider selection |
1 项发现
中危 外部 URL 外部 URL
https://clawhub.ai/Etherstrings/justice-plutus SKILL.md:23 目录结构
3 文件 · 9.0 KB · 350 行 Markdown 2f · 268L
Shell 1f · 82L
├─
▾
references
│ └─
overview.md
Markdown
├─
▾
scripts
│ └─
run_analysis.sh
Shell
└─
SKILL.md
Markdown
安全亮点
✓ All shell commands are explicitly declared in SKILL.md
✓ Parameter validation prevents command injection (case statement parsing)
✓ No credential harvesting or exfiltration detected
✓ No base64 encoding or obfuscation observed
✓ Optional features are documented and require explicit flags (--notify, --ifind)
✓ Missing optional keys do not block core functionality (graceful degradation documented)
✓ No sensitive path access (~/.ssh, ~/.aws, .env)
✓ No curl|bash or wget|sh remote script execution
✓ Python runtime detection with standard .venv fallback is safe