A股T+0基金5分钟级别买卖监控
v1.0.0T+0 基金 5 分钟级别实时监控,支持批量代码输入,自动生成买入/卖出信号。 **触发场景:** - "监控基金 XXX" - "开始监控这些代码:xxx, xxx, xxx" - "添加 XXX 到监控列表" - "查看监控信号" - "停止监控 XXX" 支持场内 ETF、跨境 QDII、债券 ETF 等...
⭐ 0· 136·0 current·0 all-time
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
medium confidencePurpose & Capability
The code, CLI, config, and notifier match the described purpose (real-time fund monitoring, indicator calculation, signal generation, optional webhook notifications). One small mismatch: several modules (indicators.py, health_check.sh) import or reference TA-Lib (talib), but the SKILL metadata and requirements.txt do not list TA-Lib explicitly; install.sh tries to install TA-Lib and falls back to instructions for system packages. This looks like an author oversight rather than malicious intent, but it is a functional inconsistency you should be aware of.
Instruction Scope
SKILL.md and the CLI instructions direct the agent/user to run the included monitor scripts, edit the skill's config, and manage the watchlist. At runtime the code only reads/writes files under the skill directory (~/.openclaw/skills/fund-monitor), fetches market data from public finance endpoints (sina, qt.gtimg, akshare/eastmoney), and sends notifications to user-configured webhooks (DingTalk/WeChat) or terminal. There are no instructions to read unrelated system files or arbitrary environment variables.
Install Mechanism
There is no remote, arbitrary binary download; installation relies on pip installs and an included install.sh. The pip packages are sensible for this use case (akshare, pandas, requests, APScheduler, pyyaml). The install.sh attempts to install TA-Lib which may require system-level libraries (libta-lib-dev) and can fail; it does not download code from obscure hosts. Recommend running install.sh in a controlled environment (or installing dependencies manually) because TA-Lib can be tricky to build.
Credentials
The skill requests no environment variables and declares no credentials. Optional notification webhooks/keys are stored in the skill's config file (config/default.yaml) — that is expected. There are no hidden credential collection steps, and network calls are limited to public market data endpoints and user-configured notification webhooks.
Persistence & Privilege
The skill writes its own files under ~/.openclaw/skills/fund-monitor (config, data, logs), creates a PID file, and runs as a normal user process. always is false and the skill does not modify other skills or system-wide settings. This level of persistence is proportionate for a monitoring tool.
Assessment
This skill appears to do what it claims (fund monitoring and signal generation). Before installing: 1) Be prepared to install TA-Lib system libraries (install.sh attempts to install TA-Lib but requirements.txt doesn't list it) — run in a VM/container if you want to limit system changes. 2) Review and set notify.dingtalk.webhook and notify.wechat.key only if you trust the destination; those webhooks will receive signal content. 3) The code fetches data from public finance endpoints (sina, qt.gtimg, akshare/eastmoney) — if you need to restrict outbound network access, run it in a sandbox. 4) Consider pinning dependency versions and installing into a virtualenv. 5) Inspect log/data files (~/.openclaw/skills/fund-monitor/data and logs) after first runs to confirm behavior. If you want higher assurance, ask the author to add TA-Lib to requirements.txt or remove the build attempt from install.sh and provide clear installation notes.Like a lobster shell, security has layers — review code before you run it.
latestvk97792dbhh1eqhbkhh68vaktz1835133
License
MIT-0
Free to use, modify, and redistribute. No attribution required.
Runtime requirements
📊 Clawdis
Binspython3, pip3