Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
LongPort Quant Trader
v1.0.0长桥证券量化交易集成 - 自动超跌/动量策略 + 飞书推送 + 绩效跟踪。支持港股/美股自动交易,每 5 分钟监控,止盈止损管理。适用于想要自动化交易的个人投资者和量化爱好者。
⭐ 0· 79·0 current·0 all-time
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
high confidencePurpose & Capability
Name/description (LongPort quantitative trader) align with the code and requirements: code imports longport.openapi, submits orders, monitors quotes, and sends Feishu notifications. Required env vars are LongPort credentials which are expected for this purpose. Required binary (python3) and pip dependencies (longport, python-dotenv) are appropriate.
Instruction Scope
SKILL.md and SETUP_GUIDE instruct running monitoring/trading scripts (e.g., quant_monitor.py, hk_scanner_full.py) and storing API keys either as env vars or in a config.py/.env. The runtime instructions and code do perform account queries and order submission (expected), and write local state files (e.g., /tmp/auto_trade_state.json). Minor inconsistency: SKILL.md shows editing config.py while most code uses Config.from_env() and dotenv — this may lead users to store secrets on disk if they follow the config.py guidance. No instructions request unrelated files, credentials, or external endpoints beyond LongPort and optional Feishu.
Install Mechanism
Install spec only bootstraps Python via Homebrew (python@3.12). SKILL.md also instructs pip installing 'longport' and 'python-dotenv' (expected). There are no downloads from untrusted URLs or archive extraction in the install spec. Overall install approach is proportionate.
Credentials
Declared required env vars are LONGPORT_APP_KEY, LONGPORT_APP_SECRET, LONGPORT_ACCESS_TOKEN — these map directly to the trading API and are necessary for automated trading. No unrelated credentials are requested. Note: those credentials allow placing real trades; the skill's access is powerful and should be limited to appropriate accounts (use sandbox/test keys if available). Feishu webhook is optional and not listed as required.
Persistence & Privilege
Skill is not marked always:true and uses normal autonomous invocation. It creates/writes small local state and performance files under /tmp (and suggests local config/.env). It does not request system-wide configuration changes or modify other skills. Autonomous invocation combined with trading credentials implies high potential impact (financial) but that impact is coherent with the stated purpose.
Assessment
This skill appears to be what it says: an automated LongPort trading toolkit that will read market data and can submit real orders if given your LongPort credentials. Before installing, consider: 1) Use a sandbox or simulated account to validate behavior (do not use real money until tested). 2) Do NOT commit API keys to source control — prefer environment variables or a secrets manager; if you follow the config.py suggestion, delete keys from disk afterward. 3) Limit the credentials' permissions if LongPort supports scoped tokens; use a read-only token or a test token where possible and rotate/revoke keys after testing. 4) Review the 'longport' Python package source (PyPI/GitHub) and examine any network calls if you require stronger assurance. 5) If you enable Feishu webhook notifications, treat webhooks as secrets. 6) Because the skill can place trades, run it on a dedicated device and monitor logs and order history closely to detect unexpected activity.Like a lobster shell, security has layers — review code before you run it.
automationvk9704wgsjfv2h8xz2j6bp4kn2x83e20thkstockvk9704wgsjfv2h8xz2j6bp4kn2x83e20tlatestvk9704wgsjfv2h8xz2j6bp4kn2x83e20tlongportvk9704wgsjfv2h8xz2j6bp4kn2x83e20tquantvk9704wgsjfv2h8xz2j6bp4kn2x83e20ttradingvk9704wgsjfv2h8xz2j6bp4kn2x83e20t
License
MIT-0
Free to use, modify, and redistribute. No attribution required.
Runtime requirements
💰 Clawdis
Binspython3
EnvLONGPORT_APP_KEY, LONGPORT_APP_SECRET, LONGPORT_ACCESS_TOKEN
Install
Install Python 3.12
Bins: python3
brew install python@3.12