myquant
Security checks across static analysis, malware telemetry, and agentic risk
Overview
This skill is a coherent MyQuant/GoldMiner trading SDK reference, but users should treat its live-trading token and order examples carefully.
This appears to be a normal documentation/demo skill for the MyQuant trading SDK. Before installing or using it, confirm you trust the gm package source, keep your GM_TOKEN private, and only run live-trading examples after reviewing the strategy, account, mode, symbols, and order sizes.
Static analysis
No static analysis findings were reported for this release.
VirusTotal
VirusTotal findings are pending for this skill version.
Risk analysis
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If a user or agent runs generated strategy code against a live account, it may place real trades.
The skill documents API calls that can submit trading orders. This is core to the trading SDK purpose, but mistakes in live mode could affect a real financial account.
order_volume(symbol="SHSE.600000", volume=100, side=OrderSide_Buy, order_type=OrderType_Market, position_effect=PositionEffect_Open)
Use backtesting or simulation first, verify mode and account settings, and require explicit human confirmation before any live order placement.
A compromised or mishandled token could allow account access through the MyQuant trading workflow.
The skill requires a MyQuant token and may connect to a broker account for live trading. This is disclosed and purpose-aligned, but it grants access to sensitive trading capabilities.
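You need to register at https://www.myquant.cn to obtain a Token for authentication. Live trading requires connecting to a broker account through the GoldMiner terminal.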
Protect the token, avoid hardcoding it in shared files, use the least-privileged/sandbox account available, and revoke or rotate it if exposed.
Installing dependencies may pull newer package versions whose behavior differs from what the skill author tested.
The skill depends on external Python packages with lower-bound version constraints rather than exact pinned versions. This is normal for an SDK guide, but users should verify the package source.
gm>=3.0.0 pandas>=1.5.0 numpy>=1.20.0
Install from trusted package indexes, consider pinning exact versions in your own environment, and verify the official MyQuant package documentation.
