Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

智能盯盘 (Smart Market Watch)

v1.0.0

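Smart market-watch plugin that monitors financial markets such as A-shares, Hong Kong stocks and Bitcoin, and sends a reminder when a condition is triggered. It is invoked automatically when the user asks to watch the market, monitor a price or set a reminder, for example "keep an eye on Bitcoin for me", monitoring a particular stock, or reminders on percentage gains and losses.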


Install

OpenClaw Prompt Flow

Install with OpenClaw

Best for remote or guided setup. Copy the exact prompt, then paste it into OpenClaw for lingyv/glance-watch.

Install the skill "智能盯盘" (lingyv/glance-watch) from ClawHub.
Skill page: https://clawhub.ai/lingyv/glance-watch
Keep the work scoped to this skill only.
After install, inspect the skill metadata and help me finish setup.
Use only the metadata you can verify from ClawHub; do not invent missing requirements.
Ask before making any broader environment changes.

Command Line

CLI Commands

Use the direct CLI path if you want to install manually and keep every step visible.

OpenClaw CLI

Canonical install target

openclaw skills install lingyv/glance-watch

ClawHub CLI

npx clawhub@latest install glance-watch

Security Scan

VirusTotal: Suspicious
OpenClaw: Suspicious (medium confidence)

! Purpose & Capability
The skill's name/description (market watch/alerts) aligns with the code and instructions: it connects to a bridge, submits watch demands, and receives trigger events. However the SKILL.md and scripts require an OPENCLAW_WS_TOKEN environment variable but the registry metadata lists no required env vars — that's an internal inconsistency. Also the skill asks users to install an external npm package (openclaw-glance-plugin) that is not bundled or referenced by registry metadata or a homepage, which is disproportionate to a simple instruction-only skill.
! Instruction Scope
Runtime instructions and the script explicitly connect to a fixed external WebSocket bridge (ws://glanceup-pre.100credit.cn) and use the token from OPENCLAW_WS_TOKEN. The SKILL.md tells the agent to create monitors and send notifications (openclaw/email/call). The code logs trigger events but does not show fine-grained controls for what exactly is sent to the bridge; thus the bridge could receive user-provided monitoring parameters and possibly runtime events. The instructions do not ask the agent to read unrelated files, but the explicit external endpoint and token usage means sensitive data (the token and monitoring parameters) will be transmitted externally.
! Install Mechanism
There is no formal install spec in the registry, but SKILL.md instructs the user to run `npm install -g openclaw-glance-plugin`. That pulls code from the public npm ecosystem (moderate risk). The code imports OpenClawPluginAdapter from that package; the package's source, integrity (checksum), and publisher are not provided. The external bridge URL is a non-HTTPS ws:// endpoint on a third-party domain (100credit.cn), which increases risk compared to documented, auditable release hosts.
! Credentials
The only secret used is OPENCLAW_WS_TOKEN (required by both SKILL.md and scripts). That token is sensible for a WebSocket authentication use-case, so a single credential is proportionate — but the registry metadata failing to declare any required env vars is an incoherence. Users need to know what the token grants and what data the bridge can access; the SKILL.md says token is obtained from a webpage but provides no privacy/security explanation.
Persistence & Privilege
The skill is not always-included and does not request elevated platform privileges. It does not modify other skill configs or system-wide settings. The plugin connects to an external service at runtime but does not request persistent agent-level privileges beyond normal operation.
What to consider before installing
This skill appears to implement the stated market-watching functionality, but exercise caution before installing or supplying credentials. Ask the publisher for: (1) why registry metadata omits the required OPENCLAW_WS_TOKEN (confirm exactly what environment variable is required), (2) the npm package source URL or a checksum/repository for openclaw-glance-plugin so you can audit it, (3) clear documentation of what data is sent to ws://glanceup-pre.100credit.cn and what the token authorizes, and (4) whether a secure wss:// endpoint is available (ws:// is unencrypted). Avoid installing the npm package globally until you verify the package origin and contents. If you must test, use an isolated environment and a token with minimal privileges.
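
The checks this summary asks for can be run mechanically over a skill's instruction text before installing. The following is an added example, not ClawHub's scanner or the skill's own code; `auditSkillText`, its rule names and the `declaredEnv` input are assumptions made for illustration.

```javascript
// Constructed excerpt restating the quick-start facts shown on this page.
const SAMPLE_SKILL_TEXT = [
  'Environment variable: OPENCLAW_WS_TOKEN (obtained from a web page)',
  'npm install -g openclaw-glance-plugin',
  'The bridge address is fixed at ws://glanceup-pre.100credit.cn',
].join('\n');

// declaredEnv: env var names listed in the registry metadata (hypothetical input).
function auditSkillText(text, declaredEnv = []) {
  const findings = [];

  // 1. Plaintext WebSocket endpoints: the token and watch parameters
  //    would cross the network unencrypted. wss:// does not match.
  for (const m of text.matchAll(/\bws:\/\/[^\s)'"]+/g)) {
    findings.push({ rule: 'plaintext-websocket', evidence: m[0] });
  }

  // 2. Secret-looking env vars the instructions rely on but the
  //    registry metadata does not declare.
  const envPattern = /\b[A-Z][A-Z0-9_]*_(?:TOKEN|KEY|SECRET|PASSWORD)\b/g;
  const envNames = new Set([...text.matchAll(envPattern)].map((m) => m[0]));
  for (const name of envNames) {
    if (!declaredEnv.includes(name)) {
      findings.push({ rule: 'undeclared-env', evidence: name });
    }
  }

  // 3. Global npm installs; a package without an explicit version
  //    cannot be tied to an audited release.
  const npmPattern = /npm\s+(?:install|i)\s+(?:-g|--global)\s+(\S+)/g;
  for (const m of text.matchAll(npmPattern)) {
    const pinned = /.@\d/.test(m[1]);
    findings.push({
      rule: pinned ? 'global-npm-install' : 'global-npm-install-unpinned',
      evidence: m[1],
    });
  }
  return findings;
}

console.log(auditSkillText(SAMPLE_SKILL_TEXT, []));
```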

Like a lobster shell, security has layers — review code before you run it.

latestvk970q0n7ab3qfggetzk9edg3ed82dwq4
374 downloads
1 stars
1 versions
Updated 4h ago
v1.0.0
MIT-0

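Glance Watch 智能盯盘 (Smart Market Watch)

Quick start

  1. Environment variable (already configured on the system):

    • OPENCLAW_WS_TOKEN (obtained by applying on the web page)
  2. Install the plugin package

    • npm install -g openclaw-glance-plugin
  3. When the user asks for a watch, parse the request and extract:

    • productCode: product code
    • productType: market type (stock/index/hk_stock/crypto)
    • condition: condition expression
    • variables: variable values
  4. Create the monitoring script and run it (the bridge address is fixed at ws://glanceup-pre.100credit.cn)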

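Invocation rules (for the OpenClaw LLM)

Invoke the plugin only when the user explicitly expresses one of the following intents:

  • “Watch / monitor / remind me”
  • “Remind me when it rises or falls to a certain price”
  • “Remind me when it reaches a certain percentage change”

Before invoking, you must confirm:

  • productCode (instrument code)
  • productType (stock/index/hk_stock/crypto)
  • condition (rule expression)
  • variables (threshold variables)

If any item is missing, ask the user first; do not guess thresholds.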

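Channel parameters

The openclaw channel is required; email / call are optional. If the user has not explicitly asked to be notified by email (email) or by phone/outbound call (call), pass only the openclaw channel.

email parameters (emailConfig)

  • to_address: recipient email address (required)
  • template_id: email template ID (required; defaults to 4 and does not need to be changed)
  • template_params: template variables (optional)

Example: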

emailConfig: {
  to_address: 'demo@example.com',
  template_id: 4,
  template_params: {
    title: '监控提醒',
    product_name: '比特币'
  }
}

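call parameters (callConfig)

  • phone: mobile number (required)
  • customer_name: customer name (optional)
  • condition: content of the outbound call (optional; defaults to the trigger message, so keep the default unless a custom message is needed)

Example: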

callConfig: {
  phone: '13800138000',
  customer_name: 'Demo',
  condition: '比特币价格突破阈值'
}

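Supported markets

Market            productType   Example    Notes
A-share stock     stock         000001     Quotes every 3 seconds
A-share index     index         000300     Quotes every 3 seconds
Hong Kong stock   hk_stock      00700      Delayed 15 minutes
Cryptocurrency    crypto        BTCUSDT    Quotes every 10 seconds

Suggested intent mapping:

  • User mentions “index / CSI 300 / Shanghai Composite” -> index
  • User mentions “Hong Kong stocks” -> hk_stock
  • User mentions “Bitcoin / BTC” -> crypto
  • Other stocks are treated as stock by default; ask the user to confirm when necessary

For detailed product codes, see references/markets.md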

Usage examples

Bitcoin watch

// Condition: price >= 73000 and gain >= 1%
condition: 'price >= threshold and change_percent >= cp_threshold'
variables: { threshold: 73000, cp_threshold: 0.01, product_name: 'Bitcoin' }
// Note: crypto does not support turnover_rate

A-share watch

// Condition: price >= 12.5 and turnover rate >= 1%
condition: 'price >= threshold and turnover_rate >= tr_threshold'
variables: { threshold: 12.5, tr_threshold: 0.01, product_name: '平安银行' }

Hong Kong stock watch

// Condition: price >= 420
condition: 'price >= threshold'
variables: { threshold: 420, product_name: '腾讯控股' }
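
The "confirm before invoking" rule and the crypto/turnover_rate restriction above can be enforced on the host before a watch request is sent to the bridge. This is an added example, not code from the skill or from openclaw-glance-plugin; `validateWatchRequest` is a hypothetical helper, and the list of market fields is taken only from the examples on this page.

```javascript
const PRODUCT_TYPES = ['stock', 'index', 'hk_stock', 'crypto']; // from the market table
// Market fields seen in this page's examples; the bridge may accept others (assumption).
const MARKET_FIELDS = ['price', 'change_percent', 'turnover_rate'];
// Only 'and' appears on the page; extend if the bridge documents more operators.
const KEYWORDS = ['and'];

function validateWatchRequest(req) {
  const problems = [];
  // All four items must be present; a missing one means asking the user.
  for (const key of ['productCode', 'productType', 'condition', 'variables']) {
    if (req[key] === undefined || req[key] === null || req[key] === '') {
      problems.push(`missing ${key}: ask the user`);
    }
  }
  if (problems.length) return problems;

  if (!PRODUCT_TYPES.includes(req.productType)) {
    problems.push(`unknown productType: ${req.productType}`);
  }
  // Allow only names, numbers and comparison operators in the expression,
  // so nothing else leaves the host inside the condition string.
  if (!/^[\w\s.<>=!()]+$/.test(req.condition)) {
    problems.push('condition contains unexpected characters');
  }
  const names = req.condition.match(/\b[A-Za-z_]\w*/g) || [];
  for (const name of new Set(names)) {
    if (KEYWORDS.includes(name)) continue;
    if (name === 'turnover_rate' && req.productType === 'crypto') {
      problems.push('turnover_rate is not supported for crypto');
    } else if (!MARKET_FIELDS.includes(name) &&
               typeof req.variables[name] !== 'number') {
      // A threshold named in the condition must come from the user, not a guess.
      problems.push(`no numeric value for ${name}: ask the user`);
    }
  }
  return problems;
}

// The Bitcoin example from this page passes with no problems reported.
console.log(validateWatchRequest({
  productCode: 'BTCUSDT',
  productType: 'crypto',
  condition: 'price >= threshold and change_percent >= cp_threshold',
  variables: { threshold: 73000, cp_threshold: 0.01, product_name: 'Bitcoin' },
}));
```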

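Actions after a trigger

When a watch is triggered:

  1. Parse market_data to get the price, percentage change and other information
  2. Send the reminder to the channel of the user's current conversation (group chat / private chat)
  3. The openclaw channel is required; email/call can be added as needed
  4. Build a friendly reminder message from the trigger message

If creation fails (watch.create.result.success=false):

  • Clearly return the failure reason to the user
  • Guide the user to supply or correct the parameters and create the watch again

Related resources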
