ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Hk LeETF

v1.0.0

Analyzes Hong Kong leveraged ETFs by evaluating holdings, price deviation, liquidity risks, and provides rebalancing timing, arbitrage opportunities, and ris...

0· 356·0 current·0 all-time
by@wuzimaki
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Suspicious
medium confidence
Purpose & Capability
Name/description match the SKILL.md analysis goals (holdings, NAV, liquidity, arbitrage). However, the skill names external data sources (HK market API, ETF holdings data, NAV tool) but declares no endpoints, credentials, or config — plausible for an instruction-only skill but incomplete. Also lists absolute local project paths that tie the skill to a particular user's environment.
!
Instruction Scope
SKILL.md explicitly lists local files/paths (/Users/zst/clawd/HK_LEETF_README.md and /Users/zst/clawd/memory/hk_leETF/) as 'related files' — this implies the agent should read user-local files. The skill does not declare those config paths or explain what data will be read. Instructions are otherwise high-level (fetch market data, compute deviations) but leave unspecified which APIs/endpoints or credentials to use.
Install Mechanism
No install spec and no code files (instruction-only). This is low risk for arbitrary code installation because nothing is written to disk by an installer.
!
Credentials
The skill declares no required environment variables or credentials, yet describes use of market APIs and data sources which commonly require API keys. It also references absolute user-local paths (suggesting access to files under /Users/zst) without declaring required config paths or explaining why those specific user files are necessary.
Persistence & Privilege
The skill is not 'always: true' and is user-invocable (normal). However, because the instructions imply reading user-local files, allow-listing/autonomous invocation would increase the risk of unintended local data access. No evidence the skill modifies other skills or system settings.
What to consider before installing
Do not install or enable this skill until the author clarifies a few points: (1) Which APIs/endpoints will be used and what credentials (if any) are required? Ask them to declare required env vars or provide placeholders. (2) Why are absolute local paths under /Users/zst referenced? Confirm whether the skill will read files from your machine and, if so, which files exactly; remove or generalize hard-coded paths. (3) Request a description of what data is read/sent externally and where results are posted. If you must test it, run the agent in a sandboxed environment or with a user account that contains no sensitive data. Prefer skills that explicitly declare config paths and required secrets rather than embedding user-specific filesystem paths in SKILL.md.

Like a lobster shell, security has layers — review code before you run it.

latestvk97f6629w6rt93csj9yczn8spn8272vx
356downloads
0stars
1versions
Updated 7h ago
v1.0.0
MIT-0
@wuzimaki
latest
Download

HK_LEETF_Trading 港股杠杆 ETF 分析技能

PAI HK_LEETF_Trading 项目的分析决策技能 @version 1.0.0

🎯 目标

  • 分析港股杠杆 ETF 的持仓和走势
  • 识别调仓窗口和套利机会
  • 生成调仓建议和风险提示

📋 核心流程

1. 数据获取

- 获取 ETF 持仓数据
- 获取成分股实时行情
- 获取 ETF 净值 (NAV) 数据
- 获取资金流向数据

2. 分析维度

- 持仓偏离度分析
- 溢价/折价率计算
- 调仓影响评估
- 流动性风险评估

3. 决策输出

- 调仓时机建议
- 套利机会识别
- 风险等级评估
- 仓位调整建议

🔧 工具

  • 港股行情 API
  • ETF 持仓数据源
  • 净值计算工具

📊 成功标准

  • 准确识别调仓窗口
  • 溢价率计算误差 < 0.5%
  • 及时提示大额申赎风险

📁 相关文件

  • /Users/zst/clawd/HK_LEETF_README.md - 项目说明
  • /Users/zst/clawd/memory/hk_leETF/ - 分析日志

Comments

Loading comments...