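Scan Report
5/100
A-Shares: Stock Market Analysis and Investment Advisor (安西军 project)
Stock data query and analysis for the Chinese A-share and Hong Kong stock markets; calls read-only endpoints with a TAX-API-Key to retrieve quotes, fundamentals, indices and text data.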
A legitimate A-share stock market data query skill using a single API key for read-only GET requests against a documented endpoint. No scripts, no local execution, no credential exfiltration, and no hidden functionality.
OK to install
No action needed. The skill is safe to use as described. Ensure the TAX_API_KEY credential is stored securely in the platform's secret manager and not exposed in logs.
| Resource type | Declared permission | Inferred permission | Status | Evidence |
|---|---|---|---|---|
| Network access | READ | READ | ✓ Consistent | SKILL.md metadata: only GET to https://tax.yyyou.top/stocks/* |
| Environment variables | READ | READ | ✓ Consistent | SKILL.md metadata: requires.env TAX_API_KEY |
| File system | NONE | NONE | — | No file operations in any document |
| Command execution | NONE | NONE | — | No shell commands in any document |
| Skill invocation | NONE | NONE | — | No cross-skill invocation declared |
| Clipboard | NONE | NONE | — | No clipboard access mentioned |
| Browser | NONE | NONE | — | No browser automation declared |
| Database | NONE | NONE | — | No database access declared |
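5 findings
| Severity | Type | Finding | URL | Location |
|---|---|---|---|---|
| Medium | External URL | External URL | https://tax.yyyou.top/** | README.MD:16 |
| Medium | External URL | External URL | https://tax.yyyou.top/ | README.MD:138 |
| Medium | External URL | External URL | https://tax.yyyou.top/stocks/ | SKILL.md:59 |
| Medium | External URL | External URL | https://tax.yyyou.top/stocks/... | SKILL_REFERENCE.MD:27 |
| Medium | External URL | External URL | https://tax.yyyou.top | SKILL_REFERENCE.MD:47 |
Directory structure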
4 files · 22.0 KB · 614 lines (Markdown: 4 files, 614 lines)
├─ CHANGELOG.MD (Markdown)
├─ README.MD (Markdown)
├─ SKILL_REFERENCE.MD (Markdown)
└─ SKILL.md (Markdown)
Security highlights
✓ No scripts or executable code files present — behavior is entirely declarative
✓ Only GET requests to a single documented domain (tax.yyyou.top); no arbitrary network targets
✓ TAX_API_KEY is injected via platform environment variable and never exposed in logs or chat
✓ Skill explicitly disclaims trading capability, local file storage, and local credential access
✓ Remote template injection (Section 2.1.5) has a documented two-grade security model with clear handling rules
✓ No obfuscation, base64 payloads, or anti-analysis techniques observed
✓ No supply chain risk — no dependencies or package files
✓ All capability declarations in metadata match the documented behavior