QMT Strategy Autopilot

Pending

Audited by VirusTotal on May 11, 2026.

Overview

No VirusTotal analysis has been recorded yet. File reputation checks will appear here once the artifact hash has been scanned.

Findings (0)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

A mistaken generated strategy or unintended agent invocation could place real trades and cause financial loss.

Why it was flagged

The documented command can execute an order-generating StrategySpec, including selling all scoped holdings and running repeatedly during trading hours; the visible artifacts do not require a manual approval gate before execution or live use.

Skill content

python3 {baseDir}/scripts/qmt_autopilot.py run '{..."execution":{"side":"SELL","qty_mode":"all"...},"risk":{"max_order_count":20...},"runtime":{"interval_sec":3,"session":"trade_hours","broker_env":"sim"}...}'

Recommendation

Default to simulation, require explicit user confirmation before every live run or order submission, and enforce clear symbol, quantity, order-count, and loss limits.

What this means

Installing and configuring this skill may give the agent practical authority over a brokerage account, not just read-only market data access.

Why it was flagged

The skill requires local QMT account context and supports switching to a live broker environment, but the artifacts do not document a narrow authorization boundary or approval model for the account access.

Skill content

requires:\n      env: ["QMT_PATH", "QMT_ACCOUNT_ID"] ... `BROKER_ENV=sim|live`: broker counter environment switch

Recommendation

Use a least-privilege or simulation account where possible, keep live credentials separate, and only enable live trading after verifying account scope and confirmation controls.

What this means

The actual trading logic depends on code that was not supplied for review, so a compromised or unexpected planner path could change what gets executed.

Why it was flagged

The wrapper loads and executes planner code from an external path that is not included in the provided manifest, and an environment variable can redirect it to another local Python file.

Skill content

PLANNER_PATH = os.getenv("STRATEGY_PLANNER_PATH", "/opt/production_ready_skills/qmt-strategy-planner-skill/scripts/strategy_planner.py") ... spec.loader.exec_module(mod)

Recommendation

Bundle or pin the planner dependency, declare STRATEGY_PLANNER_PATH, verify file hashes or provenance, and restrict loading to trusted paths.

Note
Medium Confidence
ASI10: Rogue Agents

What this means

A strategy may continue checking signals or acting during a trading session until stopped, depending on the external planner behavior.

Why it was flagged

The artifacts describe stateful/idempotent execution and a repeated runtime interval during trading hours, which is expected for an autopilot but lacks visible lifecycle or stop guidance.

Skill content

Idempotent step execution (`request_id` + `step_state`) ... "runtime":{"interval_sec":3,"session":"trade_hours"}

Recommendation

Before use, confirm how to stop a running strategy, where step state is stored, and how to reset or audit prior execution state.