A Stock Paper Trade

Security checks across malware telemetry and agentic risk

Overview

This looks like a local simulated stock-trading tool, not real brokerage access, but it stores simulated trades locally and relies on external market-data dependencies/services.

Before installing, confirm you want a local paper-trading record under ~/.openclaw, verify Python dependencies from trusted sources, and do not treat the outputs as real brokerage execution or financial advice.

VirusTotal

VirusTotal findings are pending for this skill version.

Risk analysis

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

ASI02: Tool Misuse and Exploitation
Low
What this means

A bad or tampered quote could make simulated trades, balances, or profit/loss calculations inaccurate, though no real-money brokerage access is shown.

Why it was flagged

The script fetches quote data over plain HTTP and can use the returned price for simulated buy/sell calculations; this is purpose-aligned, but data integrity affects local paper-trading results.

Skill content
url = f"http://hq.sinajs.cn/list={sc}" ... price = args.price or q["price"]
Recommendation

Treat results as simulation only, confirm important prices with a trusted source, and prefer HTTPS or validated market-data sources if accuracy matters.

ASI04: Agentic Supply Chain Vulnerabilities
Low
What this means

The skill may fail if dependencies are absent, and any manual dependency installation should come from trusted package sources.

Why it was flagged

The skill includes bundled Python code and the script imports third-party packages such as requests and akshare, but dependency installation and provenance are not pinned in an install spec.

Skill content
Source: unknown; Homepage: none; Required binaries: python3; No install spec
Recommendation

Review the bundled script before use and install required Python packages in a trusted, pinned virtual environment or add a locked install specification.

ASI06: Memory and Context Poisoning
Info
What this means

Simulated holdings and transaction history remain on disk and could affect future results if edited or corrupted locally.

Why it was flagged

The skill discloses a persistent local portfolio file that future commands read and update.

Skill content
Location: `~/.openclaw/paper-trade/portfolio.json`; Reset: `python3 {baseDir}/scripts/trader.py init --reset`
Recommendation

Keep the file private if the simulated trading history is sensitive, and use the documented reset command or delete the file when needed.