daily_stock_analysis

Score Summary

Key Findings

• ›The tool is genuinely self-hosted: all LLM API keys, stock data API keys (Tushare, Longbridge, SerpAPI, Tavily, etc.), push notification tokens, and analysis results are stored in user-controlled GitHub Secrets or a local .env file and are never transmitted to any ZhuLinsen-operated backend — source: https://github.com/ZhuLinsen/daily_stock_analysis (README architecture).
• ›SerpAPI is listed as a named sponsor in the README with a banner image and affiliate link, while also appearing as one of the recommended news search integrations. This commercial relationship is disclosed inline but creates a mild recommendation bias — source: https://github.com/ZhuLinsen/daily_stock_analysis (README 💖 Sponsors section).
• ›The tool presents analysis results as a '决策仪表盘' (decision dashboard) with precise buy/sell price points and checklists. The investment disclaimer ('仅供学习和研究使用，不构成任何投资建议' — 'for learning and research only, not investment advice') is present in the README footer but is easy to miss in daily push notifications. Users who receive the AI output via Telegram, WeChat, or email without reading the README may not see this disclaimer — source: https://github.com/ZhuLinsen/daily_stock_analysis (README ⚠️ section).
• ›No SECURITY.md, no security contact email, no Terms of Service, and no Privacy Policy exist. The operator is identifiable only by the GitHub handle ZhuLinsen and email zhuls345@gmail.com — no verified real legal name is disclosed on the official product page — source: https://github.com/ZhuLinsen/daily_stock_analysis.
• ›No CVEs or GitHub security advisories were found referencing daily_stock_analysis at NVD, MITRE, or the GitHub Advisory Database. The GitHub security tab shows 0 entries — source: https://github.com/ZhuLinsen/daily_stock_analysis/security.