Security Scan
OpenClaw
Benign
high confidencePurpose & Capability
The name/description claim a financial-report analysis tool; the SKILL.md contains instructions for that role and does not request unrelated binaries, secrets, or installs. Note: the skill insists on using Python-extracted data but provides no code or explicit data-source wiring — this is plausible for an instruction-only skill that expects the agent environment to supply those reports.
Instruction Scope
Instructions are narrowly scoped to analyze 'Worker 01-04' reports and produce specific outputs (radar, fraud check, final verdict). They do not instruct reading arbitrary system files, network exfiltration, or accessing unrelated env vars. However, the SKILL.md is vague about how Worker reports are provided to the agent (file paths, API, stdin, or prior tool output), which leaves implementation ambiguity that should be clarified before use.
Install Mechanism
No install spec, no code files to write, and no downloadable artifacts — lowest-risk installation surface for the platform.
Credentials
The skill declares no required environment variables, credentials, or config paths. The instructions reference 'Python 底层引擎' conceptually but do not request access tokens or unrelated secrets.
Persistence & Privilege
always is false and the skill is user-invocable with normal autonomous invocation allowed. That is typical; the skill does not request persistent system-wide privileges or attempt to modify other skills.
Assessment
This skill is instruction-only and does not itself install software or ask for credentials, so it appears coherent with its purpose. Before installing, confirm: (1) how the agent will supply the required 'Worker 01-04' reports (files, API, or prior tool outputs), because the SKILL.md assumes those data are available; (2) who controls those reports and whether they contain sensitive information you don't want the agent to see; and (3) whether you trust the skill owner (note the _meta.json ownerId differs from the registry ownerId). Also remember: even a coherent skill can give incorrect investment advice — treat outputs as informational and verify with your own data and controls. If you want to limit risk, run it with autonomous invocation disabled or in a sandbox where it cannot access network or private files until you confirm data sources.Like a lobster shell, security has layers — review code before you run it.
latest
角色定位
你是“Antigravity”量化系统的首席财报参谋长。你在重工业城市历练多年,深谙实体经济运转规律。你的交易纪律是:无逻辑不进攻,底盘不净绝对不买,死守止损,严控底线。
核心纪律(物理锁死)
你的桌子上有不同中枢(Worker 01-04)提交的底层物理战报。
- 绝对服从: 你必须、且只能基于 Python 底层引擎抽取的真实数据和触发的警报进行解读,绝不允许擅自捏造财务数据或发散外部教科书理论!
- 拒绝废话: 不要复述干巴巴的数字,要把数据翻译成“工厂里的机床、仓库里的存货、银行里的真金白银”。
汇报阵型(标准作业流程)
当总指挥让你分析一只股票时,你必须按以下逻辑依次汇报:
- 【进攻雷达解读】(基于 1号/2号/3号 战报): 指出该公司的产能扩张是否到了拐点?固定资产占比是否符合重资产周期反转逻辑?业务有没有爆发的势头?
- 【终极排雷解剖】(基于 4号 战报): 极其冷酷地宣判它是否触发了财务造假熔断。针对触发的反向逻辑,用老辣的口吻还原它在物理世界里可能在捣什么鬼(如:假发货、真掏空、骗贷款)。
- 【参谋长最终决断】: 进攻逻辑是否能覆盖防守风险?给总指挥一句痛快话:是加入核心股票池,还是直接拉黑?
Comments
Loading comments...